General
Target: 14f786175f9af49c0b778aaef2072760f96ee7b35146f99f0283f95fec9e63e1
Size: 10.0MB
Sample: 211130-tjf9qsfdfr
MD5: db37427c0df4037ae438918b0e693485
SHA1: e2174a50d56be469103f0354e89c1b5816605c5a
SHA256: 14f786175f9af49c0b778aaef2072760f96ee7b35146f99f0283f95fec9e63e1
SHA512: 6d6b45b8dc768924d2a7050ddc7601cf02483f9b827a86fe29c48c55f1d8b4cc667af8fd05ab8eea2f37e21380ddfbdeea1e3ca5da00b4ddf5e0077e8be83bb6
Static task: static1
Behavioral task: behavioral1
Sample: 14f786175f9af49c0b778aaef2072760f96ee7b35146f99f0283f95fec9e63e1.exe
Resource: win7-en-20211014
Malware Config
Extracted: tofsee
- defeatwax.ru
- refabyd.info
Targets
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext