General

Target: a1f971dcd32057994be0c0ed4b0b787c056fe9cd7cf97a3f633ace7b87ddbd67
Size: 296KB
Sample: 211125-vang5afggl
MD5: 757ce131ccde40f4dc3b83a4ff4cf139
SHA1: c752d3554b5cd4d55380afc651c39b4554f33e82
SHA256: a1f971dcd32057994be0c0ed4b0b787c056fe9cd7cf97a3f633ace7b87ddbd67
SHA512: 93dc567d28527f4882a8acd548eeba6223b0ecf43f90a2580aca48d1fbc2828d922ad276899aa059d7046198f24e7d5334b9215bc8ac765f7da0155a78310a4a
Static task: static1

Malware Config

Extracted family: tofsee
C2 domains (from the extracted configuration):
- quadoil.ru
- lakeflex.ru
Targets

Target: a1f971dcd32057994be0c0ed4b0b787c056fe9cd7cf97a3f633ace7b87ddbd67 (296KB; hashes as listed under General)
Signatures

- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext
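The signature list above describes a behaviour chain (service installed with its binary under System32, firewall rule change, self-deletion) plus hard indicators (file hashes, C2 domains). As an added example that is not part of the sandbox report, the Python below turns those indicators into detection logic and runs it over constructed host telemetry loosely shaped like Sysmon events. Everything not on the page is an assumption: the event field names, the service and file names ("mqyyfb", "invoice.exe"), that the firewall change goes through netsh and the self-deletion through "cmd /c del", the TrustedInstaller allowlist, and the alert threshold of three behaviours.

```python
"""Correlate the Tofsee indicators from the sandbox report against host telemetry.

Added example, not part of the report. Telemetry is constructed; field names,
the service name "mqyyfb", the file names and the netsh/cmd command lines are
assumptions for illustration only.
"""
import hashlib
import re
from collections import defaultdict

# Indicators copied from the report.
KNOWN_HASHES = {
    "md5": "757ce131ccde40f4dc3b83a4ff4cf139",
    "sha1": "c752d3554b5cd4d55380afc651c39b4554f33e82",
    "sha256": "a1f971dcd32057994be0c0ed4b0b787c056fe9cd7cf97a3f633ace7b87ddbd67",
    "sha512": "93dc567d28527f4882a8acd548eeba6223b0ecf43f90a2580aca48d1fbc2828d"
              "922ad276899aa059d7046198f24e7d5334b9215bc8ac765f7da0155a78310a4a",
}
C2_DOMAINS = {"quadoil.ru", "lakeflex.ru"}

# Where Windows stores a service binary path (a fact about Windows, not this sample).
IMAGEPATH_RE = re.compile(
    r"^HKLM\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})\\Services\\[^\\]+\\ImagePath$", re.I)
SYSTEM32_RE = re.compile(r"^C:\\Windows\\System32\\", re.I)
# Assumptions: firewall change via netsh, self-deletion via "cmd /c del". The report
# only states that the firewall was modified and that the sample deleted itself.
NETSH_FW_RE = re.compile(r"\bnetsh(?:\.exe)?\s+(?:advfirewall\s+)?firewall\s+(?:add|set|delete)\b", re.I)
SELF_DELETE_RE = re.compile(r"\bcmd(?:\.exe)?\s+/c\s+.*\bdel\b", re.I)
SYSTEM32_WRITERS = ("trustedinstaller.exe", "tiworker.exe")  # legitimately write to System32
HIGH_CONFIDENCE = {"known_tofsee_sample", "tofsee_c2_dns"}   # a single hit is enough to alert


def digest_bytes(data: bytes) -> dict:
    """Compute the four digests the report lists so a file can be checked in one pass."""
    return {name: hashlib.new(name, data).hexdigest() for name in KNOWN_HASHES}


def is_known_sample(digests: dict) -> bool:
    return any(digests.get(name) == value for name, value in KNOWN_HASHES.items())


def classify(event: dict) -> list:
    """Map one telemetry event to the report's behavioural signatures it matches."""
    tags, kind = [], event["type"]
    if kind == "process":  # "image" is the created process, "parent_image" its creator
        if event.get("sha256") == KNOWN_HASHES["sha256"]:
            tags.append("known_tofsee_sample")
        cmd = event.get("cmdline", "")
        if NETSH_FW_RE.search(cmd):
            tags.append("modifies_windows_firewall")
        parent = event.get("parent_image", "").lower()
        if parent and SELF_DELETE_RE.search(cmd) and parent in cmd.lower():
            tags.append("deletes_itself")  # the child deletes the binary that spawned it
    elif kind == "dns":
        if event.get("query", "").lower().rstrip(".") in C2_DOMAINS:
            tags.append("tofsee_c2_dns")
    elif kind == "registry":
        if IMAGEPATH_RE.match(event.get("key", "")):
            tags.append("sets_service_imagepath")
            if SYSTEM32_RE.match(event.get("value", "").strip('"')):  # value may be quoted
                tags.append("service_imagepath_system32")
    elif kind == "file":
        actor, path = event.get("image", "").lower(), event.get("path", "")
        if (SYSTEM32_RE.match(path) and path.lower().endswith(".exe")
                and not actor.endswith(SYSTEM32_WRITERS)):
            tags.append("drops_exe_in_system32")
    return tags


def correlate(events) -> dict:
    """Group events by (host, pid) and return the sorted signatures seen per process."""
    hits = defaultdict(set)
    for ev in events:
        for tag in classify(ev):
            hits[(ev["host"], ev["pid"])].add(tag)
    return {key: sorted(tags) for key, tags in hits.items()}


def alerts(events, min_tags: int = 3) -> dict:
    """Alert on a process chaining several behaviours, or on any hard indicator."""
    return {key: tags for key, tags in correlate(events).items()
            if len(tags) >= min_tags or HIGH_CONFIDENCE & set(tags)}


SAMPLE_EVENTS = [  # constructed; "pid" is the process the action is attributed to
    {"type": "process", "host": "host01", "pid": 4120, "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Users\bob\AppData\Local\Temp\invoice.exe", "sha256": KNOWN_HASHES["sha256"],
     "cmdline": "invoice.exe"},
    {"type": "dns", "host": "host01", "pid": 4120, "query": "quadoil.ru"},
    {"type": "file", "host": "host01", "pid": 4120, "image": r"C:\Users\bob\AppData\Local\Temp\invoice.exe",
     "path": r"C:\Windows\System32\mqyyfb.exe"},
    {"type": "registry", "host": "host01", "pid": 4120,
     "key": r"HKLM\SYSTEM\CurrentControlSet\Services\mqyyfb\ImagePath",
     "value": r"C:\Windows\System32\mqyyfb.exe"},
    {"type": "process", "host": "host01", "pid": 4120, "parent_image": r"C:\Users\bob\AppData\Local\Temp\invoice.exe",
     "image": r"C:\Windows\System32\netsh.exe",
     "cmdline": r'netsh advfirewall firewall add rule name="mqyyfb" dir=in action=allow program="C:\Windows\System32\mqyyfb.exe"'},
    {"type": "process", "host": "host01", "pid": 4120, "parent_image": r"C:\Users\bob\AppData\Local\Temp\invoice.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'cmd.exe /c del "C:\Users\bob\AppData\Local\Temp\invoice.exe"'},
    # Benign controls: Windows servicing writing to System32; an installer registering a service elsewhere.
    {"type": "file", "host": "host02", "pid": 900, "image": r"C:\Windows\servicing\TrustedInstaller.exe",
     "path": r"C:\Windows\System32\newtool.exe"},
    {"type": "registry", "host": "host03", "pid": 1200,
     "key": r"HKLM\SYSTEM\CurrentControlSet\Services\VendorSvc\ImagePath",
     "value": r'"C:\Program Files\Vendor\svc.exe" -run'},
]

if __name__ == "__main__":
    for (host, pid), tags in alerts(SAMPLE_EVENTS).items():
        print(f"{host} pid {pid}: {', '.join(tags)}")
```

Only the hash and C2 matches are safe to alert on alone; the behavioural rules each fire on legitimate software (every service install writes an ImagePath, servicing drops binaries into System32), which is why they are only scored in combination and why the allowlist and the threshold exist. Note that "Suspicious use of SetThreadContext" and the XMRig payload are not visible in this kind of telemetry; detecting those needs API monitoring or memory scanning, not event correlation.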