General
Target: 6f8ff16642baa4631b796cca882ea4f2b1552843d51d08145eaa830a77fe2c2e
Size: 235KB
Sample: 211210-vrk4bsafgl
MD5: a6529c460959f624691298c3a386431a
SHA1: 39239edb42e90535611a56cb136d23e5cbc870aa
SHA256: 6f8ff16642baa4631b796cca882ea4f2b1552843d51d08145eaa830a77fe2c2e
SHA512: 75f62ed8c09d08372bc8b8d3094c899ac6d2b7df7d0f24fe3f7ab200f45d4d0bc4c2ddb55babf1b3888740325a42e14d495714c8380364f15c40af0090b6c259
Static task
static1
Malware Config
Extracted
tofsee
mubrikych.top
oxxyfix.xyz
Targets
XMRig Miner Payload
Creates new service(s)
Executes dropped EXE
Modifies Windows Firewall
Sets service image path in registry
Deletes itself
Drops file in System32 directory
Suspicious use of SetThreadContext