General
Target: 3726486a6f24576956c0d2d860f4b415bde97b4a89e1d92dcdaa06c14dbcda33
Size: 284KB
Sample: 211127-a3m2vafhbj
MD5: 511f03c1999f1acbea500c3a0a583fbb
SHA1: 57ff7a44d371a5a626b3af274a00db14aef544d2
SHA256: 3726486a6f24576956c0d2d860f4b415bde97b4a89e1d92dcdaa06c14dbcda33
SHA512: 8a2e43b6f9b1198723a1d2ec228f62323e9fdcefda8f3db8f3ba36be3c2452e01971debcbee1aa82060cbe39759bd1de75672819cf298df1edbee2e3219aacbd

Static task: static1

Malware Config
Extracted: tofsee
- quadoil.ru
- lakeflex.ru

Targets
Target: 3726486a6f24576956c0d2d860f4b415bde97b4a89e1d92dcdaa06c14dbcda33
Size: 284KB
MD5: 511f03c1999f1acbea500c3a0a583fbb
SHA1: 57ff7a44d371a5a626b3af274a00db14aef544d2
SHA256: 3726486a6f24576956c0d2d860f4b415bde97b4a89e1d92dcdaa06c14dbcda33
SHA512: 8a2e43b6f9b1198723a1d2ec228f62323e9fdcefda8f3db8f3ba36be3c2452e01971debcbee1aa82060cbe39759bd1de75672819cf298df1edbee2e3219aacbd

- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext