General

Target: b55428b05d88d22873aab0b677191b95c9960158d0e40a4701a70a6034da1f24
Size: 175KB
Sample: 211126-z9t66sacd3
MD5: bc3e41f77669655483d7a7e6cf2a5dc2
SHA1: a82d8195d657292447045c3c041f787c8820decb
SHA256: b55428b05d88d22873aab0b677191b95c9960158d0e40a4701a70a6034da1f24
SHA512: c3f2e94b538d1cf8ef5b31155d89d261ca27f5a4832b63a0c8432ffb96f45c97ec8fdb13caca0956468aa96851adcc1b3b9a49c130fdecff115fcd50f21983d2
Static task: static1

Malware Config

Extracted family: tofsee
Hosts from the extracted config (Tofsee C2 servers):
- quadoil.ru
- lakeflex.ru
Targets

Target: b55428b05d88d22873aab0b677191b95c9960158d0e40a4701a70a6034da1f24 (the same 175KB file described under General; hashes as listed there)
Signatures:
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext
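The signature names above are the sandbox's labels; on a real endpoint the same behaviours show up as Sysmon/System-log events that have to be correlated. The script below is an added example, not part of the report or of any sandbox tool: it maps a constructed stream of Sysmon-shaped events (process create, file create, registry value set, plus System-log 7045 "service installed") onto the report's behavioural signatures and also checks a blob against the report's file hashes. The event schema, the service name `svcupd`, and the file paths are constructed for illustration. "XMRig Miner Payload" (a static match) and "Suspicious use of SetThreadContext" (an API-level observation that Sysmon does not log) are out of scope for this event model.

```python
"""Map Sysmon-style endpoint events onto the behaviour signatures from the report.
Added example; the event schema and sample events are constructed, not taken
from the sandbox run."""
import hashlib
import re
from collections import defaultdict

# Hashes from the report above; a SHA-256 hit means the blob is this exact sample.
REPORT_SHA256 = "b55428b05d88d22873aab0b677191b95c9960158d0e40a4701a70a6034da1f24"
REPORT_MD5 = "bc3e41f77669655483d7a7e6cf2a5dc2"
CONFIG_HOSTS = {"quadoil.ru", "lakeflex.ru"}

# HKLM\System\CurrentControlSet\Services\<name>\ImagePath, case-insensitive.
SERVICE_IMAGEPATH = re.compile(
    r"^HKLM\\System\\CurrentControlSet\\Services\\[^\\]+\\ImagePath$", re.I)
# netsh firewall / advfirewall rule changes.
FIREWALL_CMD = re.compile(r"\b(advfirewall|firewall)\b.*\b(add|set|delete)\b", re.I)
SYSTEM32 = "c:\\windows\\system32\\"


def file_hashes(data: bytes) -> dict:
    """MD5 / SHA-1 / SHA-256 of a blob, for comparison with the report's hashes."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


def is_report_sample(data: bytes) -> bool:
    return file_hashes(data)["sha256"] == REPORT_SHA256


def classify(events):
    """Return {signature_name: [event indices]} for behaviours seen in the stream.

    Constructed event shapes (fields named like Sysmon / System log):
      id 1    process create: Image, CommandLine, ParentImage
      id 11   file create:    Image, TargetFilename
      id 13   registry set:   Image, TargetObject, Details
      id 7045 service installed (System log): ServiceName, ImagePath
    """
    hits = defaultdict(list)
    dropped = set()  # lower-cased paths written earlier in the stream
    for i, ev in enumerate(events):
        image = ev.get("Image", "").lower()
        if ev["id"] == 11:
            target = ev["TargetFilename"].lower()
            dropped.add(target)
            # A write into System32 by something that is not itself a Windows binary.
            if target.startswith(SYSTEM32) and not image.startswith("c:\\windows\\"):
                hits["Drops file in System32 directory"].append(i)
        elif ev["id"] == 13:
            if SERVICE_IMAGEPATH.match(ev["TargetObject"]):
                hits["Sets service image path in registry"].append(i)
        elif ev["id"] == 7045:
            hits["Creates new service(s)"].append(i)
        elif ev["id"] == 1:
            cmd = ev.get("CommandLine", "")
            if image.endswith("\\netsh.exe") and FIREWALL_CMD.search(cmd):
                hits["Modifies Windows Firewall"].append(i)
            if image in dropped:  # correlation: executing a file seen being written
                hits["Executes dropped EXE"].append(i)
            parent = ev.get("ParentImage", "").lower()
            # cmd.exe spawned by a process that asks it to delete the parent's own binary.
            if (image.endswith("\\cmd.exe") and re.search(r"\bdel\b", cmd, re.I)
                    and parent and parent in cmd.lower()):
                hits["Deletes itself"].append(i)
    return dict(hits)


# Constructed sample stream mimicking the report's behaviours plus one benign event.
SAMPLE_EVENTS = [
    {"id": 11, "Image": r"C:\Users\victim\Downloads\sample.exe",
     "TargetFilename": r"C:\Windows\System32\svcupd.exe"},
    {"id": 13, "Image": r"C:\Users\victim\Downloads\sample.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\svcupd\ImagePath",
     "Details": r"C:\Windows\System32\svcupd.exe"},
    {"id": 7045, "ServiceName": "svcupd", "ImagePath": r"C:\Windows\System32\svcupd.exe"},
    {"id": 1, "Image": r"C:\Windows\System32\svcupd.exe",
     "ParentImage": r"C:\Windows\System32\services.exe",
     "CommandLine": r"C:\Windows\System32\svcupd.exe"},
    {"id": 1, "Image": r"C:\Windows\System32\netsh.exe",
     "ParentImage": r"C:\Windows\System32\svcupd.exe",
     "CommandLine": 'netsh advfirewall firewall add rule name="svcupd" dir=in '
                    'action=allow program="C:\\Windows\\System32\\svcupd.exe"'},
    {"id": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Users\victim\Downloads\sample.exe",
     "CommandLine": r'cmd.exe /c del "C:\Users\victim\Downloads\sample.exe"'},
    {"id": 11, "Image": r"C:\Windows\System32\svchost.exe",  # benign control event
     "TargetFilename": r"C:\Windows\System32\config\somefile.log"},
]

if __name__ == "__main__":
    for name, idx in classify(SAMPLE_EVENTS).items():
        print(f"{name}: events {idx}")
```

The "Executes dropped EXE" and "Deletes itself" checks rely on ordering within one stream (the write must precede the execution, the parent path must appear in the child's command line), so feed events in timestamp order; the "Drops file in System32" check deliberately ignores writes by binaries already under C:\Windows to keep the benign control event quiet.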