General
Target: 0556b0bdb422e27bbf283d32e6aaff7f1088686afb9da8dac40e5f35b8f14924
Size: 14.9MB
Sample: 211022-pwxd9scecj
MD5: d317ee7da68c7ade86431c3deea6b632
SHA1: cc2af8bde9b1fb9ba38453f9def071c29dcda073
SHA256: 0556b0bdb422e27bbf283d32e6aaff7f1088686afb9da8dac40e5f35b8f14924
SHA512: 369c2429a6fbf5c02dcd18da04ce8f380e80eddb495ef6780fbabf06ef001bc9ba8ef2430e435cb2c3b4953e8455a51a1d9c9c55982153b6f1050d157c4da8fc
Static task: static1
Behavioral task: behavioral1
Sample: 0556b0bdb422e27bbf283d32e6aaff7f1088686afb9da8dac40e5f35b8f14924.exe
Resource: win7-en-20210920
Malware Config
Extracted: tofsee
defeatwax.ru
refabyd.info
- suricata: ET MALWARE DNS Query Sinkhole Domain Various Families (Possible Infected Host)
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext