General
Target: 937e69c34e7cad889474609f2b98bd9770bb3ec7e7561d231048a3a1b23ebce7
Size: 329KB
Sample: 220121-mycrjabef5
MD5: 03636ee286c63aeba7e0247843646dea
SHA1: db11d52f9bbbda9968dae6287078f54bf778ed88
SHA256: 937e69c34e7cad889474609f2b98bd9770bb3ec7e7561d231048a3a1b23ebce7
SHA512: 6f24c079a13132619d1998f3f73333206c4b23830855ce60c0c3174fe262da1c704be063d9cdf7c5cd6316a398221767588df139a78336bf2163dcd1e8be2ca3
Static task
static1
Malware Config
Extracted
tofsee
patmushta.info
ovicrush.cn
Targets
Target: 937e69c34e7cad889474609f2b98bd9770bb3ec7e7561d231048a3a1b23ebce7
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext