General
-
Target
cc9669040bd39f2ee3104f373d620338fced701863b337bc3b34c0e76938311f
-
Size
328KB
-
Sample
220121-kjr7kaeder
-
MD5
810b1cb87816c2303a83599b0cc3846e
-
SHA1
da619255790d8ef9479c6adbdacd85bcfc2e79c2
-
SHA256
cc9669040bd39f2ee3104f373d620338fced701863b337bc3b34c0e76938311f
-
SHA512
8e0013be3551995076c31a27c276bb86e79580e7a3b1656a4dd5d064cfd2c817b3eb740b3131d178a1441d8cada7ab518838007af6282d4444eff7b442aa5d93
Static task
static1
Malware Config
Extracted
tofsee
patmushta.info
ovicrush.cn
Targets
-
XMRig Miner Payload
-
Creates new service(s)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Deletes itself
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-