General
- Target: e7b20cc0310fc79398cd8da897b4e4bb59607cc2e847dcc5b9a29fee033ac80c
- Size: 329KB
- Sample: 220121-s9chssaae5
- MD5: 402dc6034540fdbee3dcbadfafe14440
- SHA1: c8bfa69a99a926a4b1d8b3b6c4e6d08f536e69f5
- SHA256: e7b20cc0310fc79398cd8da897b4e4bb59607cc2e847dcc5b9a29fee033ac80c
- SHA512: 5da53b38706597a6362cd61bfae43ab58379a46a5991d078bb9cda6ce8499e8ece6bb0888c4033185b4ab755eeccda232dfeafa8fd82c00151c3c43e6917da5b
Static task: static1
Malware Config (extracted)
- Family: tofsee
- patmushta.info
- ovicrush.cn
Targets
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext