General

Target: f27da59d0c8e19b30e94dd80adf5b6e981adcd85b74ba230ae74fccabda56b3c
Size: 295KB
Sample: 211125-tsrrtsfgbp
MD5: 75297b62bc49e2e03e350466349c4736
SHA1: f7c2f9140746f35cb9a310b18d5c2a82dd1d566a
SHA256: f27da59d0c8e19b30e94dd80adf5b6e981adcd85b74ba230ae74fccabda56b3c
SHA512: 73855d458ba87d26cec322a4522b2566018f763826f10d82c8b5646947f35e0d8b62cf71baf152e0eaeee9522c7e279538975c0d84f461e93e470d8aa4ba0aab

Static task: static1

Malware Config

Extracted family: tofsee
C2 domains:
- quadoil.ru
- lakeflex.ru
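An added hunting example, not part of the sandbox report and not tooling from the sandbox vendor: it takes the file hashes and the two extracted C2 domains from this report and matches them against Sysmon-style log lines, the `Hashes:` field of process-creation events (Event ID 1) and the `QueryName:` field of DNS-query events (Event ID 22). The log lines are constructed for the example (only the field layout follows Sysmon's text rendering); the `Hit` type and the `scan_lines`/`domain_matches` names are my own.

```python
"""Match this report's IOCs against Sysmon-style log lines.

Added example: the indicator values come from the report above; the
log lines at the bottom are constructed for illustration.
"""
import re
from dataclasses import dataclass

# Hashes of the analysed sample, copied from the report.
SAMPLE_HASHES = {
    "md5": "75297b62bc49e2e03e350466349c4736",
    "sha1": "f7c2f9140746f35cb9a310b18d5c2a82dd1d566a",
    "sha256": "f27da59d0c8e19b30e94dd80adf5b6e981adcd85b74ba230ae74fccabda56b3c",
}
# C2 domains from the extracted Tofsee configuration.
C2_DOMAINS = ("quadoil.ru", "lakeflex.ru")

# Sysmon renders Event ID 1 hashes as "Hashes: MD5=...,SHA256=...,IMPHASH=..."
# and Event ID 22 queries as "QueryName: example.com".
HASH_RE = re.compile(r"(?i)\b(MD5|SHA1|SHA256)=([0-9a-f]{32,64})")
DNS_RE = re.compile(r"(?i)QueryName:\s*([A-Za-z0-9.-]+)")


@dataclass(frozen=True)
class Hit:
    line_no: int
    kind: str        # "hash" or "c2_domain"
    indicator: str   # the report indicator that matched
    raw: str         # the offending log line


def domain_matches(query: str, c2: str) -> bool:
    """True if query is c2 itself or a subdomain of it.

    Case-insensitive, ignores a trailing dot, and respects label
    boundaries so that 'notquadoil.ru' does not match 'quadoil.ru'.
    """
    q = query.lower().rstrip(".")
    return q == c2 or q.endswith("." + c2)


def scan_lines(lines):
    """Return every hash or C2-domain hit, in log order."""
    known = {v.lower() for v in SAMPLE_HASHES.values()}
    hits = []
    for n, line in enumerate(lines, start=1):
        for _algo, value in HASH_RE.findall(line):
            if value.lower() in known:
                hits.append(Hit(n, "hash", value.lower(), line))
        for q in DNS_RE.findall(line):
            for c2 in C2_DOMAINS:
                if domain_matches(q, c2):
                    hits.append(Hit(n, "c2_domain", c2, line))
    return hits


# Constructed sample log lines (not from the sandbox run); hash case and the
# trailing dot on line 3 are deliberate to exercise the normalisation.
SAMPLE_LOG = [
    "Event 1 ProcessCreate Image: C:\\Users\\user\\AppData\\Local\\Temp\\dropper.exe "
    "Hashes: MD5=75297B62BC49E2E03E350466349C4736,"
    "SHA256=F27DA59D0C8E19B30E94DD80ADF5B6E981ADCD85B74BA230AE74FCCABDA56B3C",
    "Event 22 DnsQuery Image: C:\\Windows\\System32\\svchost.exe QueryName: quadoil.ru QueryStatus: 0",
    "Event 22 DnsQuery Image: C:\\Windows\\System32\\svchost.exe QueryName: www.lakeflex.ru. QueryStatus: 0",
    "Event 22 DnsQuery Image: C:\\Program Files\\Browser\\browser.exe QueryName: notquadoil.ru QueryStatus: 0",
    "Event 1 ProcessCreate Image: C:\\Windows\\System32\\notepad.exe "
    "Hashes: MD5=00000000000000000000000000000000",
]


if __name__ == "__main__":
    for h in scan_lines(SAMPLE_LOG):
        print(f"line {h.line_no}: {h.kind} {h.indicator}")
```

The hashes identify only this exact file; a rebuilt or repacked dropper will not match them, so the domain matches are the more durable signal. Subdomain matching is intentional because C2 traffic may use hosts under the configured domains, while the label-boundary check keeps look-alike registrations from firing.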
Targets

Target: f27da59d0c8e19b30e94dd80adf5b6e981adcd85b74ba230ae74fccabda56b3c (the same file as in General; size and MD5/SHA1/SHA256/SHA512 are identical)
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext