General
Target: 92f1c139cf2ec28c65862557c88d202ba72577e2a9c2c0161dc4e6f90b63076f
Size: 328KB
Sample: 220121-v8detaadh6
MD5: 1e21be794ba44648e8d58d201d6e5593
SHA1: ea135e084aff6813bc743fe51fe4e1f3a2277ac9
SHA256: 92f1c139cf2ec28c65862557c88d202ba72577e2a9c2c0161dc4e6f90b63076f
SHA512: 8de25058347a136b8c60e2b29ed1e820ff8d43647e46a6f68d89a077d1cbbf22bf8516ed3b759f2b8e467e6fe2f128c4b312d15b05185f2a856927f92fbdc656
Static task: static1

Malware Config
Extracted: tofsee
- patmushta.info
- ovicrush.cn
Targets
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext