General
Target: b18c116180baa08d1a2ef0280ece01c8b50f34e37eca91ad7e2fcac016127e48
Size: 318KB
Sample: 220115-bklxhacbam
MD5: 67680affa10e96459b06bbb2a0ae9186
SHA1: 934edda0261f3f8333c482e386f4058baf9b72ac
SHA256: b18c116180baa08d1a2ef0280ece01c8b50f34e37eca91ad7e2fcac016127e48
SHA512: 17358b18553684832df71df94af6d999d661d92b339eb1861060f8d56f658807f105dac4fe8a5a086baa87d6a65fbbac0bfa8b41c2d015f780a802cee6e62b21
Static task: static1
Malware Config
Extracted: tofsee
patmushta.info
parubey.info
Targets
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext