General
Target: ac640c150beb86b7a5dea208cdf187aadba828f7115ed2418ab06461a0ccfcc0
Size: 153KB
Sample: 210926-wce47sfbg9
MD5: b4b463d7f677821bef88956f82e4acfe
SHA1: e8b8e46d97fddabb2a1e3641b934ea82f7f84617
SHA256: ac640c150beb86b7a5dea208cdf187aadba828f7115ed2418ab06461a0ccfcc0
SHA512: ce0a47ddd139ddc927776b9925c194aa8ed22d91409d068674e2ebdb16956155e1d3169e46db97841047084ca552af89f6452244064f0e0883c86a73b58c8d73
Static task: static1
Malware Config
Targets
Target: ac640c150beb86b7a5dea208cdf187aadba828f7115ed2418ab06461a0ccfcc0
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext