General
- Target: 0428125808208688f048820edba8be134d27861b5af8e8af6a178a88846cdde2
- Size: 315KB
- Sample: 211127-kwhtnahgcn
- MD5: ac7988f4e59d807f41a4a2163538fd46
- SHA1: ab29b1ea7a76e8c9dfb61a8827e3c617416df95f
- SHA256: 0428125808208688f048820edba8be134d27861b5af8e8af6a178a88846cdde2
- SHA512: cd9441be653eac1eb54647abbca76162abdf2618b44ded7b710e9a5fb5af5a1f4bb221f1e85e4ede43c66ea60e0a82d2ce627414b93f731478f9c5fff2cf5130
Static task: static1
Malware Config
- Extracted: tofsee
- Domains: quadoil.ru, lakeflex.ru
Targets
- Target: 0428125808208688f048820edba8be134d27861b5af8e8af6a178a88846cdde2
- Size: 315KB
- MD5: ac7988f4e59d807f41a4a2163538fd46
- SHA1: ab29b1ea7a76e8c9dfb61a8827e3c617416df95f
- SHA256: 0428125808208688f048820edba8be134d27861b5af8e8af6a178a88846cdde2
- SHA512: cd9441be653eac1eb54647abbca76162abdf2618b44ded7b710e9a5fb5af5a1f4bb221f1e85e4ede43c66ea60e0a82d2ce627414b93f731478f9c5fff2cf5130
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext