General
Target: a209c94dfc0016b92e634d3efba6e997017f60c89f314a8ef5ebeaec77629bc0
Size: 284KB
Sample: 211127-g6chvacce2
MD5: f2a73c444d09ad6eeb4bb964718bf53e
SHA1: 5778c4491c0f7abba0743399078f67e258ab836d
SHA256: a209c94dfc0016b92e634d3efba6e997017f60c89f314a8ef5ebeaec77629bc0
SHA512: 35f7fc8192135639fb6b70dce595c18b974081902d1bf83a293deeb6a5b7f9a5169ddee34aef92b8eed0a82bc8c3172ba9673ac9e5e0b77f199f4d892e21a64e
Static task: static1
Malware Config
Extracted
Family: tofsee
Domains: quadoil.ru, lakeflex.ru
Targets
Target: a209c94dfc0016b92e634d3efba6e997017f60c89f314a8ef5ebeaec77629bc0
Size: 284KB (MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext
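The signatures above are sandbox observations, but most of them have a direct counterpart in host telemetry. The Python below is an added example, not part of this report or of the sandbox's own detection logic: it applies the same signatures to constructed Sysmon-style events (real Sysmon event IDs and field names; the process, file, service and user path names are placeholders) and also flags DNS queries for the two domains from the extracted tofsee config. "Suspicious use of SetThreadContext" and "XMRig Miner Payload" are left out, since the first is an API-hook observation with no Sysmon event and the second needs the payload itself.

```python
import re

# IOCs copied from the report above.
SAMPLE_SHA256 = "a209c94dfc0016b92e634d3efba6e997017f60c89f314a8ef5ebeaec77629bc0"
CONFIG_DOMAINS = {"quadoil.ru", "lakeflex.ru"}

# A service's ImagePath value lives under HKLM\SYSTEM\...\Services\<name>\ImagePath.
# Writing it is what "Sets service image path in registry" keys on, and a new key
# there is what "Creates new service(s)" implies (the System log would also record
# event 7045, "A service was installed in the system").
RE_IMAGEPATH = re.compile(
    r"^HKLM\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})\\Services\\([^\\]+)\\ImagePath$", re.I)
RE_SYSTEM32 = re.compile(r"^C:\\Windows\\System32\\", re.I)
RE_FIREWALL = re.compile(r"\bnetsh(?:\.exe)?\b.*\b(?:advfirewall|firewall)\b", re.I)
RE_DEL = re.compile(r"\bdel\b", re.I)


def parse_hashes(field):
    """Parse Sysmon's Hashes field ('SHA256=...,MD5=...') into {ALGO: hexdigest}."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, digest = part.split("=", 1)
            out[algo.strip().upper()] = digest.strip().lower()
    return out


def triage(events):
    """Return (signature, detail) pairs for the behaviours found in `events`.

    `events` are dicts using Sysmon field names: EventID 1 (ProcessCreate),
    11 (FileCreate), 13 (RegistryEvent, value set) and 22 (DnsQuery).
    """
    findings = []
    dropped = set()  # files written during the run, for "Executes dropped EXE"
    for ev in events:
        eid = ev["EventID"]
        if eid == 11:
            path = ev.get("TargetFilename", "")
            dropped.add(path.lower())
            if RE_SYSTEM32.match(path):
                findings.append(("Drops file in System32 directory", path))
        elif eid == 13:
            m = RE_IMAGEPATH.match(ev.get("TargetObject", ""))
            if m:
                findings.append(("Sets service image path in registry",
                                 f"{m.group(1)} -> {ev.get('Details', '')}"))
        elif eid == 1:
            image = ev.get("Image", "")
            cmd = ev.get("CommandLine", "")
            parent = ev.get("ParentImage", "")
            if parse_hashes(ev.get("Hashes", "")).get("SHA256") == SAMPLE_SHA256:
                findings.append(("Sample executed (SHA256 match)", image))
            if image.lower() in dropped:
                findings.append(("Executes dropped EXE", image))
            if RE_FIREWALL.search(cmd):
                findings.append(("Modifies Windows Firewall", cmd))
            # Self-deletion usually appears as the sample spawning
            # cmd.exe /c del "<its own path>", so the parent path is in the command line.
            if (image.lower().endswith("\\cmd.exe") and RE_DEL.search(cmd)
                    and parent and parent.lower() in cmd.lower()):
                findings.append(("Deletes itself", parent))
        elif eid == 22:
            name = ev.get("QueryName", "").lower()
            if name in CONFIG_DOMAINS:
                findings.append(("Resolves domain from extracted config", name))
    return findings


# Constructed Sysmon-style events; not real telemetry from the sample.
# "sample.exe", "dropped.exe" and "droppedsvc" are placeholder names.
SAMPLE = r"C:\Users\user\Desktop\sample.exe"
DROPPED = r"C:\Windows\System32\dropped.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": SAMPLE, "CommandLine": f'"{SAMPLE}"',
     "ParentImage": r"C:\Windows\explorer.exe",
     "Hashes": f"SHA256={SAMPLE_SHA256.upper()},MD5=F2A73C444D09AD6EEB4BB964718BF53E"},
    {"EventID": 11, "Image": SAMPLE, "TargetFilename": DROPPED},
    {"EventID": 13, "Image": SAMPLE,
     "TargetObject": r"HKLM\SYSTEM\CurrentControlSet\Services\droppedsvc\ImagePath",
     "Details": DROPPED},
    {"EventID": 1, "Image": r"C:\Windows\System32\netsh.exe", "ParentImage": SAMPLE,
     "CommandLine": f'netsh advfirewall firewall add rule name="droppedsvc" dir=in action=allow program="{DROPPED}"'},
    {"EventID": 1, "Image": DROPPED, "CommandLine": DROPPED,
     "ParentImage": r"C:\Windows\System32\services.exe"},
    {"EventID": 22, "Image": DROPPED, "QueryName": "quadoil.ru"},
    {"EventID": 22, "Image": DROPPED, "QueryName": "www.example.com"},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe", "ParentImage": SAMPLE,
     "CommandLine": f'cmd.exe /c del "{SAMPLE}"'},
]

if __name__ == "__main__":
    for sig, detail in triage(SAMPLE_EVENTS):
        print(f"{sig}: {detail}")
```

Run against the constructed events it reports seven findings in event order, one per covered signature plus the hash match and the config-domain lookup; the unrelated DNS query is ignored. The "Executes dropped EXE" check is stateful on purpose: it only fires for an image that an earlier FileCreate event in the same run wrote, which is what distinguishes a dropped payload from an ordinary process start.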