General
- Target: 0189ff460863100d56eedf38e072d01b4e647508975f500de15e04060c35a1d4
- Size: 329KB
- Sample: 220121-rcdh6ahfc9
- MD5: 6da5b2a8f99f39f9803e3f65350ad638
- SHA1: d4f47974c1906f1ee1d226d9bbda1fd67655c244
- SHA256: 0189ff460863100d56eedf38e072d01b4e647508975f500de15e04060c35a1d4
- SHA512: ec7fec9dad7cdcbfc296242d623a354624a2875fe0e636aa2fbed24b6948306b8c7754084d7157d53519652e4353107d13e6478c54d09ae3c0b3af7f7616ca6d
Static task
static1
Malware Config
Extracted
tofsee
patmushta.info
ovicrush.cn
Targets
- Suspicious use of NtCreateProcessExOtherParentProcess
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets file execution options in registry
- Sets service image path in registry
- Deletes itself
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
- Suspicious use of SetThreadContext