General
Target: 5d85fc520db4cb002e23bdbf33c6d6397fdf12b2ffdb85eed406899127c722d6
Size: 285KB
Sample: 211127-ee2mjsbgb4
MD5: ed0695c81af7e23c4525eb5f22552df0
SHA1: e300941227ca26968bd3c74d4d0b15c3c0f5d14f
SHA256: 5d85fc520db4cb002e23bdbf33c6d6397fdf12b2ffdb85eed406899127c722d6
SHA512: 285be4ac891e7237c016a4559aba27e7c56c6cf085738c695d478a9885dfd075a588cce2f45d1041e0f2ee40e72c3e4721e79355e127b86697226f09838fb793
Static task: static1
Malware Config
Extracted: tofsee
- quadoil.ru
- lakeflex.ru
Targets
Target: 5d85fc520db4cb002e23bdbf33c6d6397fdf12b2ffdb85eed406899127c722d6 (285KB; hashes as listed under General)
Signatures:
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext