General
Target: 7340cd1358bb972e66d93aa4a8eb17d285e6fd36c2c99bb5016cc5f74e23de48
Size: 328KB
Sample: 220121-adflgacddr
MD5: c7f252b9e6aa351a7ac391774d375645
SHA1: be2b7b03a0968add03812376913dc577a62a34fe
SHA256: 7340cd1358bb972e66d93aa4a8eb17d285e6fd36c2c99bb5016cc5f74e23de48
SHA512: c3200383040ff7b6bdb4c25d5bff2bab691ae9715216f98508e0e70dd180c3a51d3f2434e03f9bb339bdd89981964ebcdcaa047b7e1f89d05fa8ea5480ae06aa
Static task: static1

Malware Config
Extracted family: tofsee
Extracted domains:
- patmushta.info
- ovicrush.cn
Targets
Target: 7340cd1358bb972e66d93aa4a8eb17d285e6fd36c2c99bb5016cc5f74e23de48
Size: 328KB
Signatures:
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext