General
- Target: d6371b26f0bfb486de78d9617bafb8a5c64534a13ef2fb1dfce67d782d77f5e3
- Size: 327KB
- Sample: 220121-lnsjkafac2
- MD5: 40361ac1f920b4a827d220d0d9f4375b
- SHA1: 4bbb651b1d9872365031216e69201d890834dc5d
- SHA256: d6371b26f0bfb486de78d9617bafb8a5c64534a13ef2fb1dfce67d782d77f5e3
- SHA512: 2ecb8454df2881686250454779c6e4ba7ab39d482910419a34474ab9e7c176a318a2d8a7c351261d44ac4e59c629bc79a6aed73ba956f0a0c292503937d2ad21
Static task: static1
Malware Config
Extracted
tofsee
patmushta.info
ovicrush.cn
Targets
- Target: d6371b26f0bfb486de78d9617bafb8a5c64534a13ef2fb1dfce67d782d77f5e3
- Size: 327KB
- MD5: 40361ac1f920b4a827d220d0d9f4375b
- SHA1: 4bbb651b1d9872365031216e69201d890834dc5d
- SHA256: d6371b26f0bfb486de78d9617bafb8a5c64534a13ef2fb1dfce67d782d77f5e3
- SHA512: 2ecb8454df2881686250454779c6e4ba7ab39d482910419a34474ab9e7c176a318a2d8a7c351261d44ac4e59c629bc79a6aed73ba956f0a0c292503937d2ad21
Signatures
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext