General
- Target: 83fedd4439f1cae02172e8a6a03adc5c202dc112291ac32b17f8ec9a24d28a12
- Size: 248KB
- Sample: 220120-znv7cabfd3
- MD5: 6eebc31ee3709d1742448abdc0bdae53
- SHA1: b233ba533e3ba1a7200cc1c827bf3e662c781fd6
- SHA256: 83fedd4439f1cae02172e8a6a03adc5c202dc112291ac32b17f8ec9a24d28a12
- SHA512: 2932331b17316fbbb7b5bfe1d1436b954c60464f2bcb08c45e75b3bc87da801a222112c90c3d29fc2f111fd9803ef430d83bd11a45fd2ed3cf83abb709e3a009

Static task: static1

Malware Config
- Extracted: tofsee
- patmushta.info
- ovicrush.cn
Targets
- Target: 83fedd4439f1cae02172e8a6a03adc5c202dc112291ac32b17f8ec9a24d28a12 (248KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext