General
- Target: c25a8bd40cd1a3b511c971e412a1e3bbcca6419b74c4cf243524c73a81f59600
- Size: 202KB
- Sample: 211211-mla26sbcb9
- MD5: 01b9dc754ed0112ca8b5342acfc9f9b2
- SHA1: 46a8e0f1583b26d5e2122a475a879bbb5457d45c
- SHA256: c25a8bd40cd1a3b511c971e412a1e3bbcca6419b74c4cf243524c73a81f59600
- SHA512: 196b404efc9bd6050c0e1ea60feaffecb2275d5846730706f69d719641e3ac09ddf311566b6285c5ce01b54e3fe5bf6a2d827034275ed032e2a56f53d6a2322e
Static task: static1

Malware Config (Extracted)
- tofsee
- mubrikych.top
- oxxyfix.xyz

Targets
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext