General
- Target: 610ee49914c48864ef518cd6511280d4723f8ed717b239e325bb05fca41b1be9
- Size: 327KB
- Sample: 220121-g83stadhcp
- MD5: 4a1bfae4cf1a7e216f0f3eabc335e742
- SHA1: 0cb0ba6b2425caf4b655ee59ead504e1b8f86b1f
- SHA256: 610ee49914c48864ef518cd6511280d4723f8ed717b239e325bb05fca41b1be9
- SHA512: 4cb5b51ef242eee2157292497198aa646631cd3dfe9f98b18f975f0e8fa9cacbd8f5057f3b56cd2a43f3bc7d0a29b2e259aaa645a00561112941f4007a8ea015
Static task: static1
Malware Config
- Extracted family: tofsee
- Extracted domains: patmushta.info, ovicrush.cn
Targets
- Target: 610ee49914c48864ef518cd6511280d4723f8ed717b239e325bb05fca41b1be9 (size and hashes identical to the General section above)
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext