General
Target: 84e5ac849e237c58ccbc793504d9edd78ce3c227dd5cf0c7211d46957af543af
Size: 157KB
Sample: 210926-tkbewafabr
MD5: 7fa3f7279f96b0277cd26d41b9fc6075
SHA1: 2f22d98b8225670ed14634fc270521a2009929cb
SHA256: 84e5ac849e237c58ccbc793504d9edd78ce3c227dd5cf0c7211d46957af543af
SHA512: 4b825292064769bafb637e99af7328bc9bb982e3c654bd5628f2b8c8b8f1b7bcf3555a8b72b9e8e429a665a83e7680711dbe1e459c821b553bf4f2af5bc41c13
Static task
static1
Malware Config
Targets
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext