General
- Target: 464c61f54fd6eecccc98dc0830a0931eb633dc4d3b2d20ad875edba0891baf3a
- Size: 174KB
- Sample: 211126-sf73lsgdc2
- MD5: acc22a59d6fbf3d6bd190d06a3033ed1
- SHA1: 67cac982a00f409bf0db0946b2585bd4d51965aa
- SHA256: 464c61f54fd6eecccc98dc0830a0931eb633dc4d3b2d20ad875edba0891baf3a
- SHA512: d1222711a8545630c30660934ba0d73b0ebf615b328f071ab7292b85b39a93727ddfdd052b52f9082a65fc7461671dbf1031a3e5b1a361b67ca476f4bdfb560e

Static task
- static1

Malware Config
- Extracted: tofsee
  - quadoil.ru
  - lakeflex.ru

Targets
- Target: 464c61f54fd6eecccc98dc0830a0931eb633dc4d3b2d20ad875edba0891baf3a
- Size: 174KB
- MD5: acc22a59d6fbf3d6bd190d06a3033ed1
- SHA1: 67cac982a00f409bf0db0946b2585bd4d51965aa
- SHA256: 464c61f54fd6eecccc98dc0830a0931eb633dc4d3b2d20ad875edba0891baf3a
- SHA512: d1222711a8545630c30660934ba0d73b0ebf615b328f071ab7292b85b39a93727ddfdd052b52f9082a65fc7461671dbf1031a3e5b1a361b67ca476f4bdfb560e
- Signatures:
  - XMRig Miner Payload
  - Creates new service(s)
  - Executes dropped EXE
  - Modifies Windows Firewall
  - Sets service image path in registry
  - Deletes itself
  - Drops file in System32 directory
  - Suspicious use of SetThreadContext