General

Target: 47997180f37bf76594e22ad592a7165b26d526d798060c1188ef4e1a4070dc3b
Size: 269KB
Sample: 220120-jxvzyaghf3
MD5: 61e06fe624fe65510af4812917d134c4
SHA1: 8068dde1bb70fef07ec65a42eda8705ae14dc61d
SHA256: 47997180f37bf76594e22ad592a7165b26d526d798060c1188ef4e1a4070dc3b
SHA512: db5ea8323e92911d6cb8831bd7d0369c4e92c0261597a1acfa76534e599c12b64ed246cbbcc04c94c09a783fd188a8a30647adb9a7bc4f43ee419fa7b2edeec0
Static task: static1

Malware Config

Extracted family: tofsee
C2 domains:
- patmushta.info
- ovicrush.cn
Targets

Target: 47997180f37bf76594e22ad592a7165b26d526d798060c1188ef4e1a4070dc3b (269KB; same sample as above, MD5/SHA1/SHA256/SHA512 as listed under General)
Signatures
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext
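A hunting script built from this report, added here as an example and not part of the sandbox output. It turns the extracted indicators (the three file hashes and the two tofsee C2 domains) and the behavioural signatures (service ImagePath written in the registry, file dropped in System32, firewall modified through netsh) into checks over Sysmon-style JSON events. The events in SAMPLE_LOG are constructed for illustration; the file name invoice.exe, the service name jdqsvkxu and the user path are placeholders, since the report names none of them.

```python
"""Hunt Sysmon-style JSON events for the indicators in the tofsee report above.

Added example; the events below are constructed, not captured telemetry.
"""
import json
import re

# Indicators taken verbatim from the report.
IOC_HASHES = {
    "md5": "61e06fe624fe65510af4812917d134c4",
    "sha1": "8068dde1bb70fef07ec65a42eda8705ae14dc61d",
    "sha256": "47997180f37bf76594e22ad592a7165b26d526d798060c1188ef4e1a4070dc3b",
}
C2_DOMAINS = {"patmushta.info", "ovicrush.cn"}

# Sysmon event 13 (RegistryEvent value set) target for a service binary path.
SERVICE_IMAGEPATH_RE = re.compile(
    r"^HKLM\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})\\Services\\([^\\]+)\\ImagePath$",
    re.IGNORECASE,
)
SYSTEM32 = "c:\\windows\\system32\\"
WINDIR = "c:\\windows\\"


def parse_hashes(field):
    """Sysmon 'Hashes' field ('MD5=..,SHA256=..') -> {'md5': '..', ...}, lowercased."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, val = part.split("=", 1)
            out[algo.strip().lower()] = val.strip().lower()
    return out


def hash_hit(field):
    """True if any hash in the field equals a reported hash (case-insensitive)."""
    parsed = parse_hashes(field)
    return any(parsed.get(algo) == val for algo, val in IOC_HASHES.items())


def domain_hit(qname):
    """Exact or subdomain match against the C2 list; tolerates a trailing dot."""
    q = qname.rstrip(".").lower()
    return any(q == d or q.endswith("." + d) for d in C2_DOMAINS)


def check_event(ev):
    """Return the list of findings for one parsed event (empty if benign)."""
    findings = []
    eid = ev.get("EventID")
    image = ev.get("Image", "")
    if eid == 1:  # process creation
        if hash_hit(ev.get("Hashes", "")):
            findings.append("known tofsee sample executed: " + image)
        if image.lower().endswith("\\netsh.exe") and "firewall" in ev.get("CommandLine", "").lower():
            findings.append("Windows Firewall modified via netsh: " + ev.get("CommandLine", ""))
    elif eid == 11:  # file create; ignore Windows' own components writing to System32
        target = ev.get("TargetFilename", "")
        if target.lower().startswith(SYSTEM32) and not image.lower().startswith(WINDIR):
            findings.append("non-Windows process dropped file in System32: " + target)
    elif eid == 13:  # registry value set
        m = SERVICE_IMAGEPATH_RE.match(ev.get("TargetObject", ""))
        if m:
            findings.append("service ImagePath set for '%s': %s" % (m.group(1), ev.get("Details", "")))
    elif eid == 22:  # DNS query
        if domain_hit(ev.get("QueryName", "")):
            findings.append("DNS lookup of tofsee C2 domain: " + ev.get("QueryName", ""))
    return findings


def hunt(lines):
    """Parse one JSON event per line; return [(line_no, finding), ...]. Bad lines are skipped."""
    hits = []
    for n, line in enumerate(lines, 1):
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue
        hits.extend((n, f) for f in check_event(ev))
    return hits


# Constructed sample log (names are placeholders, not from the report).
SAMPLE_LOG = [
    json.dumps({"EventID": 1, "Image": "C:\\Users\\victim\\Downloads\\invoice.exe",
                "CommandLine": "invoice.exe",
                "Hashes": "MD5=61E06FE624FE65510AF4812917D134C4,SHA256=47997180F37BF76594E22AD592A7165B26D526D798060C1188EF4E1A4070DC3B"}),
    json.dumps({"EventID": 11, "Image": "C:\\Users\\victim\\Downloads\\invoice.exe",
                "TargetFilename": "C:\\Windows\\System32\\jdqsvkxu.exe"}),
    json.dumps({"EventID": 13, "TargetObject": "HKLM\\System\\CurrentControlSet\\Services\\jdqsvkxu\\ImagePath",
                "Details": "C:\\Windows\\System32\\jdqsvkxu.exe"}),
    json.dumps({"EventID": 1, "Image": "C:\\Windows\\System32\\netsh.exe",
                "CommandLine": "netsh advfirewall firewall add rule name=jdqsvkxu dir=in action=allow program=C:\\Windows\\System32\\jdqsvkxu.exe"}),
    json.dumps({"EventID": 22, "QueryName": "patmushta.info"}),
    json.dumps({"EventID": 22, "QueryName": "www.example.com"}),
    json.dumps({"EventID": 11, "Image": "C:\\Windows\\System32\\svchost.exe",
                "TargetFilename": "C:\\Windows\\System32\\config\\systemprofile\\x.tmp"}),
]

if __name__ == "__main__":
    for line_no, finding in hunt(SAMPLE_LOG):
        print("line %d: %s" % (line_no, finding))
```

The System32 check deliberately ignores writes by processes that themselves live under C:\Windows, otherwise routine servicing activity floods the result; the service ImagePath and netsh checks are not specific to tofsee on their own and are meant to be correlated with the hash or C2 hits from the same host.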