General
Target: 9769cf7547278063db22e3e0b72c404c12d67c25aaa8059c93cecf614e4e8e8c
Size: 235KB
Sample: 211210-yss24sbafp
MD5: 1180403dc7458e67f0fa6f0b25cdaabb
SHA1: 24a7f87a06c4f4920ce943443497a2536314a387
SHA256: 9769cf7547278063db22e3e0b72c404c12d67c25aaa8059c93cecf614e4e8e8c
SHA512: ad07fa3c6d300cfebd479f8fd31e6c201b6b866d092a96069323d6b4eb41ac56fb100aa1327302c9200972d5867218dc59fdf661ac34897892739469ff5232cd
Static task
static1
Malware Config
Extracted
tofsee
mubrikych.top
oxxyfix.xyz
Targets
Target: 9769cf7547278063db22e3e0b72c404c12d67c25aaa8059c93cecf614e4e8e8c
XMRig Miner Payload
Creates new service(s)
Executes dropped EXE
Modifies Windows Firewall
Sets service image path in registry
Deletes itself
Drops file in System32 directory
Suspicious use of SetThreadContext