General
- Target: a846ed0805ad41f5b7ca5c6a29778b053876031b067f4ad3025eee30df859a45
- Size: 329KB
- Sample: 220121-qn4ztahgbp
- MD5: 38160d07457f459f0cfbdaf19ff2f13b
- SHA1: caaaf737a001b69112ab27193e2eda9b1e5692c1
- SHA256: a846ed0805ad41f5b7ca5c6a29778b053876031b067f4ad3025eee30df859a45
- SHA512: d98aed4cfe438e6ea5df2317dbe764f90a0563443ef1aa85cccca657240d74fa9777668c0e4a68154c1c4ffbca47a3c15b979a3806ed506efa4ce203a846e088
Static task: static1
Malware Config
Extracted: tofsee
- patmushta.info
- ovicrush.cn
Targets
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext