General

Target: f3baa4ed45dc9d0b254f70e6e4b0ac0f.exe
Size: 344KB
Sample: 211018-psdsradee4
MD5: f3baa4ed45dc9d0b254f70e6e4b0ac0f
SHA1: b3aa03c4bebf4d65227f54f2cafd1e50daa8aebe
SHA256: 16fdbb6f45f722fffffafa455e8c5dd268c895e6b050031f40ab557be5240332
SHA512: 13d2af499e0ae5819ced2d9086926dbd73259efa24e64705651899f6f1d730e8ed0b36d3438d4271a9254979f132523a3fb9f0994bb77a2a1d2105618f0bbb4a

Static task: static1
Behavioral task: behavioral1
Sample: f3baa4ed45dc9d0b254f70e6e4b0ac0f.exe
Resource: win7-en-20210920

Malware Config

Extracted: tofsee
- quadoil.ru
- lakeflex.ru

Targets

Target: f3baa4ed45dc9d0b254f70e6e4b0ac0f.exe
Size: 344KB
MD5: f3baa4ed45dc9d0b254f70e6e4b0ac0f
SHA1: b3aa03c4bebf4d65227f54f2cafd1e50daa8aebe
SHA256: 16fdbb6f45f722fffffafa455e8c5dd268c895e6b050031f40ab557be5240332
SHA512: 13d2af499e0ae5819ced2d9086926dbd73259efa24e64705651899f6f1d730e8ed0b36d3438d4271a9254979f132523a3fb9f0994bb77a2a1d2105618f0bbb4a

- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext