General
-
Target
91afd4d395681d7acb2ca45e7a1817b3c828fad2e28e1c0ceaebb152176b20e1
-
Size
275KB
-
Sample
220120-ed9lrsfeh6
-
MD5
063b2c711a6b8465d2a41d4d40f2ca44
-
SHA1
3fd50df7aaba9b0d0bdbf6562edb27ddbf9c669d
-
SHA256
91afd4d395681d7acb2ca45e7a1817b3c828fad2e28e1c0ceaebb152176b20e1
-
SHA512
ccb06b5c65430058b8a59e707097fae94cd5a9318d031f01e5c27150ef6a53fb6c5778c238aa548cc52337c9b1a476c9f2d65d8c7854ac2bc53eab93584ae963
Static task
static1
Malware Config
Extracted
tofsee
patmushta.info
ovicrush.cn
Targets
-
-
Target
91afd4d395681d7acb2ca45e7a1817b3c828fad2e28e1c0ceaebb152176b20e1
-
Size
275KB
-
MD5
063b2c711a6b8465d2a41d4d40f2ca44
-
SHA1
3fd50df7aaba9b0d0bdbf6562edb27ddbf9c669d
-
SHA256
91afd4d395681d7acb2ca45e7a1817b3c828fad2e28e1c0ceaebb152176b20e1
-
SHA512
ccb06b5c65430058b8a59e707097fae94cd5a9318d031f01e5c27150ef6a53fb6c5778c238aa548cc52337c9b1a476c9f2d65d8c7854ac2bc53eab93584ae963
-
XMRig Miner Payload
-
Creates new service(s)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-