General

Target: fd7d9c3df1ac408ba7bde3392d9f1b34a94ba952d680725597a3adf5c4a88de0
Size: 13.4MB
Sample: 211016-n1akmabhh2
MD5: 15c52bad89be4eaf34f250d7a8e1712e
SHA1: a5b1b3ca452d72b7b3f3e816cc8f3fecbb67fed7
SHA256: fd7d9c3df1ac408ba7bde3392d9f1b34a94ba952d680725597a3adf5c4a88de0
SHA512: abc6be78360d69d39ff0bebc0b9e7dc8e72e0e62e6521cd1272074f65cf55ceb35efe297c682fae8cc17c468540250c14afb6e2f0727e61cc9f2018b7b157134
Static task: static1
Behavioral task: behavioral1
Sample: fd7d9c3df1ac408ba7bde3392d9f1b34a94ba952d680725597a3adf5c4a88de0.exe
Resource: win7-en-20211014
Malware Config

Extracted
Family: tofsee
C2: defeatwax.ru
C2: refabyd.info
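The hashes and the two extracted domains above are the report's usable indicators. The following is an added example, not part of the sandbox report or of the sample's analysis: it hashes a file on disk and compares all four digests against the values listed for this sample, and it scans log lines for the extracted domains, matching the domain itself and its subdomains but not lookalike hosts. It assumes the two domains are the Tofsee C2 hosts the config extractor labels them as; the log lines are constructed for the demo and their format is an assumption.

```python
"""Added example (not part of the sandbox report above): triage with the
report's indicators. (1) Hash a file and compare against the listed
MD5/SHA1/SHA256/SHA512; (2) scan DNS/proxy log lines for the extracted
Tofsee C2 domains, matching the domain and its subdomains but not lookalikes.
The log lines at the bottom are constructed for the demo."""
import hashlib
import re
from typing import Dict, Iterable, List, Tuple

# Indicators copied from the report above.
REPORT_HASHES: Dict[str, str] = {
    "md5": "15c52bad89be4eaf34f250d7a8e1712e",
    "sha1": "a5b1b3ca452d72b7b3f3e816cc8f3fecbb67fed7",
    "sha256": "fd7d9c3df1ac408ba7bde3392d9f1b34a94ba952d680725597a3adf5c4a88de0",
    "sha512": "abc6be78360d69d39ff0bebc0b9e7dc8e72e0e62e6521cd1272074f65cf55ceb"
              "35efe297c682fae8cc17c468540250c14afb6e2f0727e61cc9f2018b7b157134",
}
C2_DOMAINS: Tuple[str, ...] = ("defeatwax.ru", "refabyd.info")


def _hash_chunks(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Feed every chunk to all four hash objects in a single pass."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Digests of an in-memory blob (used by the test)."""
    return _hash_chunks([data])


def digest_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Stream from disk so a 13 MB (or much larger) sample is never held whole."""
    with open(path, "rb") as fh:
        return _hash_chunks(iter(lambda: fh.read(chunk_size), b""))


def match_report(digests: Dict[str, str],
                 expected: Dict[str, str] = REPORT_HASHES) -> Dict[str, bool]:
    """Per-algorithm comparison, case-insensitive on the hex. All four should
    agree; a file matching on some algorithms but not others points to a
    mis-copied indicator rather than the same sample."""
    return {name: digests.get(name, "").lower() == value.lower()
            for name, value in expected.items()}


# Hostname-shaped tokens: one or more labels followed by an alphabetic TLD.
# The lookbehind/lookahead keep a match from starting or ending inside a label.
_HOST_RE = re.compile(r"(?<![\w.-])((?:[a-z0-9-]+\.)+[a-z]{2,})(?![\w-])",
                      re.IGNORECASE)


def host_matches(host: str, domain: str) -> bool:
    """True for the domain itself or any subdomain of it. Lookalikes such as
    'notdefeatwax.ru' or 'defeatwax.ru.evil.example' do not match."""
    host = host.lower().rstrip(".")   # DNS logs often write FQDNs with a trailing dot
    domain = domain.lower()
    return host == domain or host.endswith("." + domain)


def scan_log(lines: Iterable[str],
             domains: Tuple[str, ...] = C2_DOMAINS) -> List[Tuple[int, str, str]]:
    """Return (line number, matched host, matched indicator) for every hit."""
    hits: List[Tuple[int, str, str]] = []
    for lineno, line in enumerate(lines, 1):
        for m in _HOST_RE.finditer(line):
            host = m.group(1).lower()
            for domain in domains:
                if host_matches(host, domain):
                    hits.append((lineno, host, domain))
    return hits


# Constructed DNS/proxy log lines for the demo (not real traffic; format assumed).
SAMPLE_LOG = [
    "2021-10-16T12:00:01Z dns query mail.defeatwax.ru A from 10.0.0.5",
    "2021-10-16T12:00:02Z dns query refabyd.info. A from 10.0.0.7",
    "2021-10-16T12:00:03Z dns query notdefeatwax.ru A from 10.0.0.9",
    "2021-10-16T12:00:04Z dns query defeatwax.ru.evil.example A from 10.0.0.9",
    "2021-10-16T12:00:05Z proxy GET http://DEFEATWAX.RU/cfg.bin from 10.0.0.5",
]


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:          # python ioc_check.py suspect.exe
        print(path, match_report(digest_file(path)))
    for hit in scan_log(SAMPLE_LOG):
        print("C2 hit:", hit)
```

Run it with the suspect file as an argument to get a per-algorithm match dictionary; on the constructed log it reports lines 1, 2 and 5 and ignores the two lookalike hosts on lines 3 and 4.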
Targets

Target: fd7d9c3df1ac408ba7bde3392d9f1b34a94ba952d680725597a3adf5c4a88de0 (size and hashes as listed under General)
Signatures:
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext