General

Target: 2108d455134d5152ff537f0b343ac6e872e4fec5a2847ba7609eb87cae5cfaf0
Size: 328KB
Sample: 220121-fm7zzadeej
MD5: 5218f46316d854ea8d7aa4dede06bfb2
SHA1: 332815d485dedb98f15c2847de16e55d65c9062a
SHA256: 2108d455134d5152ff537f0b343ac6e872e4fec5a2847ba7609eb87cae5cfaf0
SHA512: ac77e72b6e00de19456148d2a1b871170143990db9b7dcfe1fe5b8acf1d0fa6ed826d276ec11669e6d7c9305acd113a053d6f0a7ffdc34dc8ff86a4f9ee8b2e5
Static task: static1
Malware Config

Extracted
Family: tofsee
C2: patmushta.info
C2: ovicrush.cn
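The digests under General and the two domains in the extracted config are the indicators a responder would pivot on. The following is an added example, not part of this report or of the sandbox: a Python script that decides whether a file on disk is this sample (all four digests must agree, so a single mismatch means a different file) and flags DNS query log lines that name either domain or a subdomain of it. The DNS log lines and their "timestamp client query type name" layout are constructed for the example; the hashes and domains are copied from the report.

```python
"""Match a file's digests and DNS log lines against the IOCs in this report.

Added example, not part of the sandbox report. The digests and the two
domains are copied from the report; the DNS log lines are constructed for
the example and use a made-up 'timestamp client query type name' layout.
"""
import hashlib

# Indicators copied from the report.
REPORT_HASHES = {
    "md5": "5218f46316d854ea8d7aa4dede06bfb2",
    "sha1": "332815d485dedb98f15c2847de16e55d65c9062a",
    "sha256": "2108d455134d5152ff537f0b343ac6e872e4fec5a2847ba7609eb87cae5cfaf0",
    "sha512": "ac77e72b6e00de19456148d2a1b871170143990db9b7dcfe1fe5b8acf1d0fa6ed826d276ec11669e6d7c9305acd113a053d6f0a7ffdc34dc8ff86a4f9ee8b2e5",
}
REPORT_DOMAINS = {"patmushta.info", "ovicrush.cn"}

# Constructed DNS query log (not from the report); the last field is the queried name.
DNS_LOG = [
    "2022-01-21T13:37:01Z 10.0.0.5 query A patmushta.info.",
    "2022-01-21T13:37:02Z 10.0.0.5 query A www.ovicrush.cn",
    "2022-01-21T13:37:03Z 10.0.0.7 query A updates.example.com",
    "2022-01-21T13:37:04Z 10.0.0.7 query A notovicrush.cn",
]


def _new_hashers():
    return {name: hashlib.new(name) for name in REPORT_HASHES}


def hash_bytes(data):
    """All four digests of an in-memory buffer, keyed by algorithm name."""
    hashers = _new_hashers()
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_file(path, chunk_size=1 << 20):
    """Same digests for a file on disk, streamed so large samples are not read whole."""
    hashers = _new_hashers()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_report_hashes(digests):
    """True only if every algorithm agrees with the report; one mismatch means a different file."""
    return all(digests.get(name) == value for name, value in REPORT_HASHES.items())


def domain_hits(log_lines, iocs=REPORT_DOMAINS):
    """(line, ioc) for each query naming an IOC domain or a subdomain of one.

    The name is lower-cased and a trailing dot removed before comparison, and
    subdomains are matched on a label boundary so 'notovicrush.cn' does not hit.
    """
    hits = []
    for line in log_lines:
        fields = line.split()
        if not fields:
            continue
        name = fields[-1].lower().rstrip(".")
        for ioc in iocs:
            if name == ioc or name.endswith("." + ioc):
                hits.append((line, ioc))
                break
    return hits


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print("file matches report:", matches_report_hashes(hash_file(sys.argv[1])))
    for line, ioc in domain_hits(DNS_LOG):
        print(ioc, "<-", line)
```

Run it with the path of a suspect file as the first argument to compare it against the report; with no argument it only scans the constructed DNS log. The suffix check deliberately requires a dot before the IOC domain, which is the usual mistake in quick grep-based matching.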
Targets

Target: 2108d455134d5152ff537f0b343ac6e872e4fec5a2847ba7609eb87cae5cfaf0
Size: 328KB
MD5: 5218f46316d854ea8d7aa4dede06bfb2
SHA1: 332815d485dedb98f15c2847de16e55d65c9062a
SHA256: 2108d455134d5152ff537f0b343ac6e872e4fec5a2847ba7609eb87cae5cfaf0
SHA512: ac77e72b6e00de19456148d2a1b871170143990db9b7dcfe1fe5b8acf1d0fa6ed826d276ec11669e6d7c9305acd113a053d6f0a7ffdc34dc8ff86a4f9ee8b2e5
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext
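The signatures above describe behaviour rather than indicators, so matching them on a host means rules over endpoint telemetry instead of hash or domain lookups. The block below is an added example, not part of this report and not the sandbox's own signature logic: it models five of the listed behaviours as rules over Sysmon-style event records, including the stateful "Executes dropped EXE" correlation and the services.exe exclusion that keeps legitimate service installs from firing the ImagePath rule. The event schema, its field names, and the file and service names in the sample events are assumptions made up for this example; the report does not give the actual dropped file or service names.

```python
"""Rule-based triage of endpoint telemetry for behaviours listed in this report.

Added example, not part of the sandbox report. The event records and the
rules are constructed here. The records imitate Sysmon-style telemetry
(file create, registry value set, process create) but the field names and
the file/service names in them are made up for this example.
"""
import ntpath
import re

# Service definitions live under ...\Services\<name>\; ImagePath is the binary the SCM runs.
SERVICE_IMAGEPATH = re.compile(r"\\services\\[^\\]+\\imagepath$", re.IGNORECASE)
SYSTEM32 = "c:\\windows\\system32\\"


def triage(events):
    """Return the set of report-style behaviour names triggered by an event stream."""
    findings = set()
    dropped = set()  # paths written so far; used to recognise 'Executes dropped EXE'
    for ev in events:
        kind = ev["event"]
        # Process performing the action (for process_create, the new process itself).
        actor = ev.get("image", "").lower()
        if kind == "file_create":
            path = ev["path"].lower()
            dropped.add(path)
            # A file written into System32 by something outside C:\Windows is suspicious.
            if path.startswith(SYSTEM32) and not actor.startswith("c:\\windows\\"):
                findings.add("Drops file in System32 directory")
        elif kind == "registry_set":
            # services.exe writes ImagePath for legitimate installs; a direct write
            # by any other process is the behaviour the report flags.
            if SERVICE_IMAGEPATH.search(ev["key"]) and ntpath.basename(actor) != "services.exe":
                findings.add("Sets service image path in registry")
        elif kind == "process_create":
            parent = ev.get("parent_image", "").lower()
            cmd = ev.get("cmdline", "").lower()
            if ntpath.basename(actor) == "netsh.exe" and "firewall" in cmd:
                findings.add("Modifies Windows Firewall")
            if actor in dropped:
                findings.add("Executes dropped EXE")
            # Classic self-delete: spawn cmd.exe to 'del' the parent's own image.
            if ntpath.basename(actor) == "cmd.exe" and " del " in cmd and parent and parent in cmd:
                findings.add("Deletes itself")
    return findings


# Constructed events (made-up names; not taken from the report).
EVENTS = [
    {"event": "file_create", "image": "C:\\Users\\bob\\sample.exe",
     "path": "C:\\Windows\\System32\\hostsvc.exe"},
    {"event": "registry_set", "image": "C:\\Users\\bob\\sample.exe",
     "key": "HKLM\\SYSTEM\\CurrentControlSet\\Services\\hostsvc\\ImagePath",
     "value": "C:\\Windows\\System32\\hostsvc.exe"},
    {"event": "process_create", "image": "C:\\Windows\\System32\\hostsvc.exe",
     "parent_image": "C:\\Users\\bob\\sample.exe", "cmdline": "hostsvc.exe"},
    {"event": "process_create", "image": "C:\\Windows\\System32\\netsh.exe",
     "parent_image": "C:\\Windows\\System32\\hostsvc.exe",
     "cmdline": "netsh advfirewall firewall add rule name=hostsvc dir=in action=allow "
                "program=C:\\Windows\\System32\\hostsvc.exe"},
    {"event": "process_create", "image": "C:\\Windows\\System32\\cmd.exe",
     "parent_image": "C:\\Users\\bob\\sample.exe",
     "cmdline": "cmd.exe /c del C:\\Users\\bob\\sample.exe"},
    # Benign control: the Service Control Manager setting ImagePath for a normal service.
    {"event": "registry_set", "image": "C:\\Windows\\System32\\services.exe",
     "key": "HKLM\\SYSTEM\\CurrentControlSet\\Services\\Spooler\\ImagePath",
     "value": "C:\\Windows\\System32\\spoolsv.exe"},
]


if __name__ == "__main__":
    for finding in sorted(triage(EVENTS)):
        print(finding)
```

The remaining signatures in the list need telemetry this model does not carry: "Creates new service(s)" is best taken from service-install events rather than inferred from the registry write, "Suspicious use of SetThreadContext" needs API-level tracing, and "XMRig Miner Payload" is a payload scan, not a behaviour rule.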