General

Target: 863108da894666d4bc0140ca2e4cdf60f41acf9741f65288be4f93e4966a4044
Size: 328KB
Sample: 220121-ckg4zsdab9
MD5: 34fa4f97e4dbba0bdb063307550ef941
SHA1: 63dcf11fc86f7f1368651472eec6bcad06952ec8
SHA256: 863108da894666d4bc0140ca2e4cdf60f41acf9741f65288be4f93e4966a4044
SHA512: 7e53ece20b55d1f5d5030572f93460b6071ec5192cab6dde2f1a98de4a8d50c6b550917b1cf55bfc14cf97a20b655dc00cb34809201791acb0a1a99be8420e65
Static task: static1

Malware Config

Extracted family: tofsee
C2 domains: patmushta.info, ovicrush.cn
Targets

Target: 863108da894666d4bc0140ca2e4cdf60f41acf9741f65288be4f93e4966a4044 (328KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures

- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of SetThreadContext
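The signature names above are the sandbox's labels for API-level and behavioural observations; to hunt for the same chain on real hosts they have to be restated against telemetry you actually collect. The following is an added example, not code from the sandbox or the report: it maps the service, firewall, drop, self-deletion and C2 signatures onto constructed, simplified Sysmon-style process, file, registry and DNS records (the field names and the `sample.exe` / `examplesvc` names are this example's own, not Sysmon's schema). Only the two C2 domains are taken from the report's extracted Tofsee config.

```python
"""Added example (not part of the sandbox report): map the behavioural
signatures listed above onto host telemetry so they can be hunted outside
the sandbox.

Assumptions: input records are constructed, simplified Sysmon-style events;
the field names are this example's own, not Sysmon's schema. Only the two
C2 domains come from the report's extracted Tofsee config.
"""
import re

# From the report's extracted config.
C2_DOMAINS = {"patmushta.info", "ovicrush.cn"}

# HKLM\SYSTEM\...\Services\<name>\ImagePath holds a service's binary path.
SERVICE_IMAGEPATH = re.compile(
    r"^HKLM\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})\\Services\\[^\\]+\\ImagePath$",
    re.IGNORECASE,
)
SYSTEM32 = "c:\\windows\\system32\\"

# Constructed telemetry approximating the chain the sandbox observed:
# dropper -> file in System32 -> service pointing at it -> firewall rule ->
# self-deletion -> service process resolves a C2 domain.
EVENTS = [
    {"type": "process", "pid": 4101, "parent_pid": 3988,
     "image": r"C:\Users\u\AppData\Local\Temp\sample.exe",
     "cmdline": r'"C:\Users\u\AppData\Local\Temp\sample.exe"'},
    {"type": "file_write", "pid": 4101,
     "target": r"C:\Windows\System32\examplesvc\examplesvc.exe"},
    {"type": "service_install", "pid": 4101, "name": "examplesvc"},
    {"type": "registry_set", "pid": 4101,
     "key": r"HKLM\SYSTEM\CurrentControlSet\Services\examplesvc\ImagePath",
     "value": r"C:\Windows\System32\examplesvc\examplesvc.exe"},
    {"type": "process", "pid": 4120, "parent_pid": 4101,
     "image": r"C:\Windows\System32\netsh.exe",
     "cmdline": 'netsh advfirewall firewall add rule name="examplesvc" dir=in action=allow '
                'program="C:\\Windows\\System32\\examplesvc\\examplesvc.exe"'},
    {"type": "process", "pid": 4133, "parent_pid": 4101,
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'cmd.exe /c del "C:\Users\u\AppData\Local\Temp\sample.exe"'},
    {"type": "process", "pid": 4140, "parent_pid": 612,
     "image": r"C:\Windows\System32\examplesvc\examplesvc.exe",
     "cmdline": r"C:\Windows\System32\examplesvc\examplesvc.exe"},
    {"type": "dns", "pid": 4140, "query": "patmushta.info"},
]


def _norm(path):
    """Case-fold a Windows path and strip surrounding quotes for comparison."""
    return path.strip('"').lower()


def detect(events):
    """Return {signature name: [pids]} for the signatures this telemetry can show."""
    hits = {}

    def add(name, pid):
        hits.setdefault(name, []).append(pid)

    # Image path per process, and every file each process wrote, for cross-referencing.
    images = {e["pid"]: _norm(e["image"]) for e in events if e["type"] == "process"}
    dropped = {}
    for e in events:
        if e["type"] == "file_write":
            dropped.setdefault(e["pid"], set()).add(_norm(e["target"]))
    all_dropped = set().union(*dropped.values()) if dropped else set()

    for e in events:
        t = e["type"]
        if t == "file_write" and _norm(e["target"]).startswith(SYSTEM32):
            add("Drops file in System32 directory", e["pid"])
        elif t == "service_install":
            add("Creates new service(s)", e["pid"])
        elif t == "registry_set" and SERVICE_IMAGEPATH.match(e["key"]):
            add("Sets service image path in registry", e["pid"])
        elif t == "process":
            img, cl = _norm(e["image"]), e["cmdline"].lower().replace('"', "")
            if img in all_dropped:
                add("Executes dropped EXE", e["pid"])
            if img.endswith("\\netsh.exe") and "firewall" in cl:
                add("Modifies Windows Firewall", e["pid"])
            # cmd.exe deleting its parent's own image is the usual self-removal pattern.
            parent = images.get(e.get("parent_pid"))
            if img.endswith("\\cmd.exe") and " del " in cl and parent and parent in cl:
                add("Deletes itself", e["parent_pid"])  # credit the process being erased
        elif t == "dns":
            q = e["query"].lower().rstrip(".")
            if q in C2_DOMAINS or any(q.endswith("." + d) for d in C2_DOMAINS):
                add("Contacts extracted Tofsee C2 domain", e["pid"])
    return hits


if __name__ == "__main__":
    for name, pids in detect(EVENTS).items():
        print(f"{name}: pids {pids}")
```

Three of the listed signatures are deliberately not modelled: "Suspicious use of SetThreadContext" and "XMRig Miner Payload" come from the sandbox's API hooking and payload scanning, which process, registry and DNS telemetry cannot see (an EDR with user-mode hooks or memory scanning is needed), and "Legitimate hosting services abused for malware hosting/C2" needs the actual network destinations, which this page does not list beyond the two config domains.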