General
- Target: add8d95ef5d7841053b6ad4be0c945e08f33ead91e3d8739096259a803ff7bd9
- Size: 176KB
- Sample: 211126-tgnwssddaj
- MD5: 841f580ad01f6fb7e77d4f5548c904e1
- SHA1: bd9e6f033297b83e5017c829d711489d41b941a3
- SHA256: add8d95ef5d7841053b6ad4be0c945e08f33ead91e3d8739096259a803ff7bd9
- SHA512: 782771e39e06072ee4ea2669f54cdd9815bb0f08bf3b0a7edd46d75d2e206bbb2d069413a71fa96533ca11426f348bd33e9b6217a5fc2a4c0d54055995beaac1
Static task: static1
Malware Config
- Extracted: tofsee
- quadoil.ru
- lakeflex.ru
Targets
- Target: add8d95ef5d7841053b6ad4be0c945e08f33ead91e3d8739096259a803ff7bd9
- Size: 176KB
- MD5: 841f580ad01f6fb7e77d4f5548c904e1
- SHA1: bd9e6f033297b83e5017c829d711489d41b941a3
- SHA256: add8d95ef5d7841053b6ad4be0c945e08f33ead91e3d8739096259a803ff7bd9
- SHA512: 782771e39e06072ee4ea2669f54cdd9815bb0f08bf3b0a7edd46d75d2e206bbb2d069413a71fa96533ca11426f348bd33e9b6217a5fc2a4c0d54055995beaac1
- suricata: ET MALWARE DNS Query Sinkhole Domain Various Families (Possible Infected Host)
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext