General

Target: e8fc78f8652bea8025aa37750d8d59c7fa4b3f908796f4c01a09bd8c7cf0a732
Size: 177KB
Sample: 211126-xx2z5shdg3
MD5: f4ec7a07712dc0e829266096860b29e2
SHA1: f5c0f0ac8a4c7eb59b07de9abde4a92ae71fa9b1
SHA256: e8fc78f8652bea8025aa37750d8d59c7fa4b3f908796f4c01a09bd8c7cf0a732
SHA512: 85cb306ffd961ac3dabae4dddd87b84ec258e75deeffc71b17fff04394c1450438429c75b20c6a0b0aa1d3e3da59169124f822b40c3f2994ec8dfa0922bdfc41

Static task: static1

Malware Config

Extracted:
  tofsee
  quadoil.ru
  lakeflex.ru

Targets

Target: e8fc78f8652bea8025aa37750d8d59c7fa4b3f908796f4c01a09bd8c7cf0a732
Size: 177KB
MD5: f4ec7a07712dc0e829266096860b29e2
SHA1: f5c0f0ac8a4c7eb59b07de9abde4a92ae71fa9b1
SHA256: e8fc78f8652bea8025aa37750d8d59c7fa4b3f908796f4c01a09bd8c7cf0a732
SHA512: 85cb306ffd961ac3dabae4dddd87b84ec258e75deeffc71b17fff04394c1450438429c75b20c6a0b0aa1d3e3da59169124f822b40c3f2994ec8dfa0922bdfc41

Signatures:
  XMRig Miner Payload
  Creates new service(s)
  Executes dropped EXE
  Modifies Windows Firewall
  Sets service image path in registry
  Deletes itself
  Drops file in System32 directory
  Suspicious use of SetThreadContext