General
Target: fa224d582cbc7477d5b17576baa7570483cad0be6ff5857d5ef79838ba3d5add
Size: 12.0MB
Sample: 211026-1jh7naada4
MD5: 769d690d845642d89e87b512cdd60338
SHA1: ad65ac262fc358d9a10cc8089e23373b7f4aa3bb
SHA256: fa224d582cbc7477d5b17576baa7570483cad0be6ff5857d5ef79838ba3d5add
SHA512: 79b7b168a5d1e9653fa1069ebb1209a14b4bc689f700e42da2a82487a8f71c5965219b1afd80cdcbadbfa98f77f01908fc9c37424f972ed5b50b68e059a02973
Static task: static1
Behavioral task: behavioral1
Sample: fa224d582cbc7477d5b17576baa7570483cad0be6ff5857d5ef79838ba3d5add.exe
Resource: win7-en-20210920
Malware Config
Extracted family: tofsee
C2: defeatwax.ru
C2: refabyd.info
Targets
Target: fa224d582cbc7477d5b17576baa7570483cad0be6ff5857d5ef79838ba3d5add
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext
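The signature list above is the sandbox's verdict; a defender also wants the same behaviours flagged in host telemetry. The following is an added example written for this page, not code from the sandbox or from the report: a small detector that walks Sysmon-style event records (event IDs 1 process create, 11 file create, 13 registry value set, 22 DNS query) and raises the report's "Drops file in System32 directory", "Executes dropped EXE" (a file created earlier is later run), "Sets service image path in registry", "Creates new service(s)" and "Modifies Windows Firewall" signatures, plus lookups of the two Tofsee C2 domains the report extracted. The event records, the dropped-file path `vrtmhsa.exe`, the service name and every command line are constructed for illustration and are not observations from this sample. The `sc create` and `netsh advfirewall` rules are heuristics for one common way each behaviour shows up; the report's "Deletes itself", "XMRig Miner Payload" and "Suspicious use of SetThreadContext" are not covered, since the last needs API-level tracing that Sysmon does not provide.

```python
"""Flag report-style behaviours in Sysmon-like events (added example, constructed data)."""
import re

# C2 domains extracted from the sample's configuration, as listed in the report.
TOFSEE_C2 = {"defeatwax.ru", "refabyd.info"}

# Sysmon writes registry paths with an HKLM\ prefix; match any control set.
SERVICE_IMAGEPATH = re.compile(
    r"^HKLM\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Services\\[^\\]+\\ImagePath$",
    re.IGNORECASE,
)
SYSTEM32 = re.compile(r"^C:\\Windows\\System32\\", re.IGNORECASE)
# Heuristics (assumption): service creation and firewall changes done via the
# built-in command-line tools. API-based variants need other telemetry.
SC_CREATE = re.compile(r"\bsc(\.exe)?\s+create\b", re.IGNORECASE)
FIREWALL_CMD = re.compile(r"\bnetsh(\.exe)?\s+(advfirewall|firewall)\b", re.IGNORECASE)


def detect(events):
    """Return (signature, detail) tuples for an ordered sequence of event dicts.

    Each dict carries an integer "EventID" and the fields that Sysmon event type
    has: 1 -> Image, CommandLine; 11 -> TargetFilename; 13 -> TargetObject,
    Details; 22 -> QueryName.
    """
    hits = []
    dropped = set()  # files written so far, so a later execution can be correlated
    for ev in events:
        eid = ev["EventID"]
        if eid == 11:
            target = ev["TargetFilename"]
            dropped.add(target.lower())
            if SYSTEM32.match(target):
                hits.append(("Drops file in System32 directory", target))
        elif eid == 1:
            image, cmd = ev["Image"], ev.get("CommandLine", "")
            if image.lower() in dropped:
                hits.append(("Executes dropped EXE", image))
            if SC_CREATE.search(cmd):
                hits.append(("Creates new service(s)", cmd))
            if FIREWALL_CMD.search(cmd):
                hits.append(("Modifies Windows Firewall", cmd))
        elif eid == 13:
            obj = ev["TargetObject"]
            if SERVICE_IMAGEPATH.match(obj):
                hits.append(("Sets service image path in registry",
                             f"{obj} = {ev.get('Details', '')}"))
        elif eid == 22:
            # Normalise trailing dot and case; match the domain or any subdomain.
            q = ev["QueryName"].lower().rstrip(".")
            if q in TOFSEE_C2 or any(q.endswith("." + d) for d in TOFSEE_C2):
                hits.append(("Tofsee C2 lookup", q))
    return hits


# Constructed events modelled on the report's signatures; not real telemetry.
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": r"C:\Users\user\Desktop\sample.exe",
     "TargetFilename": r"C:\Windows\System32\vrtmhsa.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\sc.exe",
     "CommandLine": r'sc create vrtmhsa binPath= "C:\Windows\System32\vrtmhsa.exe" start= auto'},
    {"EventID": 13, "Image": r"C:\Windows\System32\services.exe",
     "TargetObject": r"HKLM\SYSTEM\CurrentControlSet\Services\vrtmhsa\ImagePath",
     "Details": r"C:\Windows\System32\vrtmhsa.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\vrtmhsa.exe",
     "CommandLine": r"C:\Windows\System32\vrtmhsa.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": 'netsh advfirewall firewall add rule name="Updater" dir=in '
                    'action=allow program="C:\\Windows\\System32\\vrtmhsa.exe"'},
    {"EventID": 22, "Image": r"C:\Windows\System32\vrtmhsa.exe", "QueryName": "defeatwax.ru"},
    # Benign noise that must not fire:
    {"EventID": 22, "Image": r"C:\Windows\System32\svchost.exe", "QueryName": "time.windows.com"},
    {"EventID": 13, "Image": r"C:\Windows\regedit.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Foo", "Details": "x"},
]

if __name__ == "__main__":
    for sig, detail in detect(SAMPLE_EVENTS):
        print(f"{sig}: {detail}")
```

Ordering matters for the "Executes dropped EXE" rule: the file-create event must precede the process-create event, which is why the detector keeps a running set of written paths rather than checking each event in isolation.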