General

Target: a1d23796732487b40ce43b22983327b2.exe
Size: 279KB
Sample: 211020-g5gfeahfcp
MD5: a1d23796732487b40ce43b22983327b2
SHA1: a9b5b16d21b145997a803857a743ce79ac0383b1
SHA256: 84839e5c70038104b4d9fbf20988ebc952ea698be6d46c0ad5ed072897427b3f
SHA512: 2521705f6645ecd3897d880a2d7cadaadf9fe790715a5a026b564d4fe498f1cea2bca06fb2fd4dd1e3b0a9e3de50a061b48092dde6a97634734b8a68b4b30df0
Static task: static1
Behavioral task: behavioral1
Sample: a1d23796732487b40ce43b22983327b2.exe
Resource: win7-en-20210920
Malware Config

Extracted: tofsee
- quadoil.ru
- lakeflex.ru
Targets

Target: a1d23796732487b40ce43b22983327b2.exe (size and hashes as listed under General)

- suricata: ET MALWARE DNS Query Sinkhole Domain Various Families (Possible Infected Host)
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext