General
- Target: 1a7f3a1a97ebbd6077040d07f3ee5395a7c8dd7da2f8dace5e181ac3cb515bbf
- Size: 327KB
- Sample: 220121-d3547sdda7
- MD5: 12e81b61e0142768aa5429e7a51cd64f
- SHA1: a656eaadda0e87c5937af604a7507928bf4dddc7
- SHA256: 1a7f3a1a97ebbd6077040d07f3ee5395a7c8dd7da2f8dace5e181ac3cb515bbf
- SHA512: b291065cf103b943839b50f53cb2eafab02e67c9feadfe1650f06f8280815ac2f1cba09b767473c8f030abf6f96eb6415e0882a7f4eb6c4e293bdd357bc8be44
Static task: static1
Malware Config
Extracted
- tofsee
- patmushta.info
- ovicrush.cn
Targets
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of SetThreadContext