General

Target: a0e2975274b136b5f17b564b3dd58bdcf318a44fab72b7f2d72dfdfedefd0844
Size: 177KB
Sample: 211126-wtd88sdhhn
MD5: 8e074132f411c4252d13abbe359cd967
SHA1: 800f64c711441cdecd1386c5bf89052f58b987c5
SHA256: a0e2975274b136b5f17b564b3dd58bdcf318a44fab72b7f2d72dfdfedefd0844
SHA512: 8f96a0ebc34cf4012e7c3bab89b628c977d77330dc4400d222d5e1594ff12a2bae5b87a36849fe172f4c0d306302a5c4ddaf56e0d1295d97a5a9e2a6e70be021

Static task: static1

Malware Config

Extracted
Family: tofsee
C2: quadoil.ru
C2: lakeflex.ru
Targets

Target: a0e2975274b136b5f17b564b3dd58bdcf318a44fab72b7f2d72dfdfedefd0844
Signatures
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext
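The hashes and the two C2 hosts in the extracted config, together with the service-creation, System32 and firewall signatures, are what a responder would hunt for on the fleet. The script below is an added example, not part of this report and not Triage tooling: it turns those indicators into a blocklist check run over constructed DNS resolver lines and constructed host events. The key=value log layout, the event field names, the netsh command line and the two-behaviour escalation threshold are assumptions made for illustration; only the hashes and domains come from the report.

```python
"""Hunt for the indicators in the Tofsee report above.
Added example, not from the report or any sandbox tooling; hashes and C2 hosts
are copied from the report, everything else (logs, events, field names) is constructed."""
import hashlib
import re
from typing import Dict, List, Set, Tuple

# Indicators taken from the report.
SAMPLE_HASHES = {
    "md5": "8e074132f411c4252d13abbe359cd967",
    "sha1": "800f64c711441cdecd1386c5bf89052f58b987c5",
    "sha256": "a0e2975274b136b5f17b564b3dd58bdcf318a44fab72b7f2d72dfdfedefd0844",
}
C2_DOMAINS = frozenset({"quadoil.ru", "lakeflex.ru"})


def hash_file_bytes(data: bytes) -> Dict[str, str]:
    """Digest a file's bytes with the same algorithms the report lists."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_sample(data: bytes) -> bool:
    """True if any digest of data equals the report's value for that algorithm."""
    digests = hash_file_bytes(data)
    return any(digests[algo] == value for algo, value in SAMPLE_HASHES.items())


def is_c2_domain(qname: str) -> bool:
    """Match a queried name against the C2 hosts, including their subdomains.
    Case and the trailing dot of an FQDN are normalised; endswith("." + domain)
    keeps look-alikes such as notquadoil.ru from matching."""
    name = qname.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in C2_DOMAINS)


# Constructed resolver log; the key=value layout is this example's assumption.
DNS_LOG = """\
2021-11-26T10:14:02Z host=WS-0421 client=10.0.5.17 query=www.example.com type=A
2021-11-26T10:14:09Z host=WS-0421 client=10.0.5.17 query=quadoil.ru. type=A
2021-11-26T10:15:31Z host=WS-0873 client=10.0.7.44 query=mail.LAKEFLEX.RU type=A
2021-11-26T10:16:00Z host=WS-0999 client=10.0.9.1 query=notquadoil.ru type=A
"""
LINE_RE = re.compile(r"host=(?P<host>\S+) .*?query=(?P<q>\S+)")


def c2_lookups(log: str) -> List[Tuple[str, str]]:
    """Return (host, queried name) for every line that resolved a C2 host."""
    hits = []
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if m and is_c2_domain(m.group("q")):
            hits.append((m.group("host"), m.group("q")))
    return hits


# Constructed host events (real sources: a service-install event and a process
# creation event); field names and the netsh command line are assumptions.
EVENTS = [
    {"host": "WS-0421", "type": "service_installed",
     "image_path": r"C:\Windows\System32\akmxwdgf.exe"},
    {"host": "WS-0421", "type": "process_create",
     "cmdline": r'netsh advfirewall firewall add rule name="svc" dir=in action=allow '
                r'program="C:\Windows\System32\akmxwdgf.exe"'},
    {"host": "WS-0873", "type": "service_installed",
     "image_path": r"C:\Program Files\Vendor\svc.exe"},
]
SYSTEM32 = "c:\\windows\\system32\\"


def behaviour_flags(events: List[dict], host: str) -> Set[str]:
    """Map one host's events onto the report's service and firewall signatures."""
    flags = set()
    for e in events:
        if e["host"] != host:
            continue
        if e["type"] == "service_installed":
            flags.add("creates_service")
            if e["image_path"].lower().startswith(SYSTEM32):
                flags.add("service_image_in_system32")
        elif e["type"] == "process_create" and re.search(
                r"\bnetsh\b.*\bfirewall\b", e["cmdline"], re.IGNORECASE):
            flags.add("modifies_firewall")
    return flags


def suspicious_hosts(log: str, events: List[dict]) -> List[str]:
    """Hosts that resolved a C2 name and show at least two of the behaviours.
    The threshold is this example's choice: a lone C2 lookup may be a blocked
    resolution or an analyst, so host activity corroborates it before escalation."""
    with_c2 = {host for host, _ in c2_lookups(log)}
    return sorted(h for h in with_c2 if len(behaviour_flags(events, h)) >= 2)
```

Run against the constructed data, `c2_lookups(DNS_LOG)` returns the two resolutions for WS-0421 and WS-0873, and `suspicious_hosts(DNS_LOG, EVENTS)` escalates only WS-0421, whose service image under System32 and netsh firewall change line up with the report's signatures; WS-0873 resolved a C2 host but its only event is an ordinary service install, so it stays a lower-priority lead. Feed a real file's bytes to `matches_sample` to confirm an on-disk binary is this exact sample.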