General
Target: b4eabf0c6061aa219bacba886c1281b5e0369a4c1db7d3455a0339678a049089
Size: 176KB
Sample: 211126-3f9ljsafh7
MD5: 8f756cf699e2e98f5a6ee23cc5f69cbf
SHA1: d4eb20d4887d28313356ffebbff3092f31f67226
SHA256: b4eabf0c6061aa219bacba886c1281b5e0369a4c1db7d3455a0339678a049089
SHA512: 5be8f52d85a9fed975b74df60724c39ad36bcd6e63c806e50a2b95289d81353ce6cbc49b756ce75e34bd74ce7df55d50f6e9d3899f91ad2d96bb416234013d16

Static task
static1

Malware Config
Extracted: tofsee
  quadoil.ru
  lakeflex.ru
Targets
Target: b4eabf0c6061aa219bacba886c1281b5e0369a4c1db7d3455a0339678a049089
Size: 176KB
MD5: 8f756cf699e2e98f5a6ee23cc5f69cbf
SHA1: d4eb20d4887d28313356ffebbff3092f31f67226
SHA256: b4eabf0c6061aa219bacba886c1281b5e0369a4c1db7d3455a0339678a049089
SHA512: 5be8f52d85a9fed975b74df60724c39ad36bcd6e63c806e50a2b95289d81353ce6cbc49b756ce75e34bd74ce7df55d50f6e9d3899f91ad2d96bb416234013d16

- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext