General
Target: 9ab7c0a188db1c4a3f6d377eb74b4123fcf804c7556b46cf3c0bc32b95ba1942
Size: 328KB
Sample: 220121-23et1scbh5
MD5: f1dd1c26f2e48c6f62692ba86afbfca7
SHA1: a0be110625ba061c405c26ab2d2f7c77e5e6852d
SHA256: 9ab7c0a188db1c4a3f6d377eb74b4123fcf804c7556b46cf3c0bc32b95ba1942
SHA512: 7b268d461ed8430e5362a554e7050141063032738c4e7bf4cd779890f9cb54e4653c9d611838531614c3d2422269ad32ac7a37c8c2034c7402d53892b20c1228
Static task: static1

Malware Config
Extracted family: tofsee
C2 domains:
- patmushta.info
- ovicrush.cn

Targets
Target: 9ab7c0a188db1c4a3f6d377eb74b4123fcf804c7556b46cf3c0bc32b95ba1942 (the submitted sample; size and hashes as listed under General)
Signatures:
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext
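The indicators on this page (the four file digests and the two Tofsee C2 domains) can be turned into a triage check. The script below is an added example, not code from the sandbox report or from any tool it references: it matches a digest of any supported algorithm against the reported hashes, hashes file contents with all four algorithms, and scans DNS-log lines for the C2 domains, counting subdomains as hits but not look-alike hostnames such as notpatmushta.info or patmushta.info.example. The log line format, the log lines themselves and the file bytes are constructed for the example; only the hash and domain values come from the report.

```python
"""Triage helper for the indicators in the sandbox report above.

Added example, not code from the report. The IOC values below are copied from
the report; the log lines and file bytes used for demonstration are constructed.
"""
import hashlib
import re

# File hashes reported for the sample (algorithm keyed by name).
SAMPLE_HASHES = {
    "md5": "f1dd1c26f2e48c6f62692ba86afbfca7",
    "sha1": "a0be110625ba061c405c26ab2d2f7c77e5e6852d",
    "sha256": "9ab7c0a188db1c4a3f6d377eb74b4123fcf804c7556b46cf3c0bc32b95ba1942",
    "sha512": "7b268d461ed8430e5362a554e7050141063032738c4e7bf4cd779890f9cb54e4"
              "653c9d611838531614c3d2422269ad32ac7a37c8c2034c7402d53892b20c1228",
}

# C2 domains from the extracted Tofsee config.
C2_DOMAINS = ("patmushta.info", "ovicrush.cn")

# A hex digest's length identifies the algorithm that produced it.
_DIGEST_LEN_TO_ALGO = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}


def classify_digest(digest: str):
    """Return the hash algorithm implied by a hex digest's length, or None."""
    d = digest.strip().lower()
    if not re.fullmatch(r"[0-9a-f]+", d):
        return None
    return _DIGEST_LEN_TO_ALGO.get(len(d))


def digest_matches_sample(digest: str) -> bool:
    """True if a hex digest of any supported algorithm equals the reported one."""
    algo = classify_digest(digest)
    return algo is not None and SAMPLE_HASHES[algo] == digest.strip().lower()


def file_bytes_match_sample(data: bytes) -> dict:
    """Hash file contents with all four algorithms and report which match."""
    return {
        algo: hashlib.new(algo, data).hexdigest() == expected
        for algo, expected in SAMPLE_HASHES.items()
    }


def hostname_hits_c2(hostname: str) -> bool:
    """Exact match or subdomain of a C2 domain; look-alikes do not count.

    'mail.patmushta.info' hits; 'notpatmushta.info' and
    'patmushta.info.example' do not. Trailing dots from DNS logs are tolerated.
    """
    h = hostname.strip().lower().rstrip(".")
    return any(h == d or h.endswith("." + d) for d in C2_DOMAINS)


# Query name appears after 'query:' in the constructed log format used here.
_QNAME_RE = re.compile(r"\bquery:\s*([A-Za-z0-9.-]+)")


def scan_dns_log(lines) -> list:
    """Return (line_number, hostname) for each log line whose query hits C2."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = _QNAME_RE.search(line)
        if m and hostname_hits_c2(m.group(1)):
            hits.append((n, m.group(1).rstrip(".").lower()))
    return hits


# Constructed DNS log lines for demonstration; not from the report.
SAMPLE_LOG = [
    "2022-01-21T23:01:05Z client 10.0.0.12 query: patmushta.info A",
    "2022-01-21T23:01:06Z client 10.0.0.12 query: www.example.com A",
    "2022-01-21T23:01:07Z client 10.0.0.12 query: notpatmushta.info A",
    "2022-01-21T23:01:08Z client 10.0.0.12 query: patmushta.info.example. A",
    "2022-01-21T23:01:09Z client 10.0.0.13 query: cdn.ovicrush.cn. A",
]

if __name__ == "__main__":
    for n, host in scan_dns_log(SAMPLE_LOG):
        print(f"line {n}: C2 lookup for {host}")
    # The bytes are constructed, so no digest matches the reported sample.
    print(file_bytes_match_sample(b"not the sample"))
```

The domain check deliberately anchors on a leading dot so that a hostname merely containing the C2 string is not flagged; the digest check normalises case and lets the length pick the algorithm, so a hash copied from any other report or feed can be compared directly without knowing which algorithm it came from.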