General
- Target: 7fc75f6bce25afa8b97cc0b4ba8a45dc13308a8b414b0ae37ef3240e699bf0b1
- Size: 296KB
- Sample: 211125-ve1cgsbbg5
- MD5: 2ddc12c1ecf38f8679140f075528b336
- SHA1: ab39cdf75ad5191683a1f16c6d2069771ea09e54
- SHA256: 7fc75f6bce25afa8b97cc0b4ba8a45dc13308a8b414b0ae37ef3240e699bf0b1
- SHA512: ae863319dd38111695a8198b4495e402ca0fe027473ac92829d83f5fafd505fb6100960f51d7d96d557e69e7578285bdd386b060e651c26568dc005afaedb9e5
Static task: static1

Malware Config
- Extracted: tofsee
- quadoil.ru
- lakeflex.ru
Targets
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext