General
  Target   535daa6c0837a33e12b2c509539dd49a652cb1ac1c9dc4f158b8bcb09dee8ba5
  Size     328KB
  Sample   220121-vw9bqaafhl
  MD5      6bff5eb446a9178b8bcf8465e2c91412
  SHA1     11ab4e21a94892eeb3d95f61405c0e712b47fee4
  SHA256   535daa6c0837a33e12b2c509539dd49a652cb1ac1c9dc4f158b8bcb09dee8ba5
  SHA512   69c08b4d160f01d74a353904d9d5ed1174ef9e102087662c7668b261055f499839d048e7858f373ba756df80c60379e99f1cbc24128af46a1dd4b6acae9e6de9
Static task
  static1

Malware Config
  Extracted family: tofsee
  Domains recovered from the extracted configuration:
    patmushta.info
    ovicrush.cn
Targets
  Target   535daa6c0837a33e12b2c509539dd49a652cb1ac1c9dc4f158b8bcb09dee8ba5
  Size     328KB
  Hashes   MD5, SHA1, SHA256 and SHA512 identical to the General section above (the sample itself is the only target)
  Signatures
    XMRig Miner Payload
    Creates new service(s)
    Executes dropped EXE
    Modifies Windows Firewall
    Sets service image path in registry
    Checks computer location settings
      Reads the country code configured in the registry, likely used as a geofence to avoid running in certain regions.
    Drops file in System32 directory
    Suspicious use of SetThreadContext
      Rewriting another thread's context is a common step in process hollowing and other code-injection techniques.
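The indicators on this page (the four file hashes and the two domains from the extracted Tofsee configuration) are what a responder would sweep a host and its DNS logs for. The Python below is an added example and is not part of the sandbox report: the indicator values are copied from the report, while the DNS log format and its lines are constructed for the demonstration. Domain matching treats a subdomain of an indicator (cdn.ovicrush.cn) as a hit but not a look-alike (notpatmushta.info); hash matching reports every algorithm that agrees with the report.

```python
"""IOC sweep for the Tofsee sample in this report.

Added example (not part of the sandbox report). The hashes and domains are
copied from the report; the DNS log format and its lines are constructed here
for demonstration only.
"""
import hashlib
import re

# Indicators copied from the report.
IOC_HASHES = {
    "md5": "6bff5eb446a9178b8bcf8465e2c91412",
    "sha1": "11ab4e21a94892eeb3d95f61405c0e712b47fee4",
    "sha256": "535daa6c0837a33e12b2c509539dd49a652cb1ac1c9dc4f158b8bcb09dee8ba5",
    "sha512": (
        "69c08b4d160f01d74a353904d9d5ed1174ef9e102087662c7668b261055f4998"
        "39d048e7858f373ba756df80c60379e99f1cbc24128af46a1dd4b6acae9e6de9"
    ),
}
IOC_DOMAINS = {"patmushta.info", "ovicrush.cn"}

# Constructed DNS log, one query per line: "<timestamp> <client> <qtype> <qname>".
SAMPLE_DNS_LOG = """\
2022-01-21T10:03:11Z 10.0.0.15 A patmushta.info.
2022-01-21T10:03:12Z 10.0.0.15 A ovicrush.cn.
2022-01-21T10:03:40Z 10.0.0.22 A www.example.com.
2022-01-21T10:04:02Z 10.0.0.15 A cdn.ovicrush.cn.
2022-01-21T10:04:05Z 10.0.0.31 A notpatmushta.info.
"""


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256/sha512 hex digests of data, keyed like IOC_HASHES."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in IOC_HASHES}


def hash_file(path: str) -> dict:
    """Hash a file in 1 MiB chunks so large samples need not fit in memory."""
    hashers = {algo: hashlib.new(algo) for algo in IOC_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def matching_hash_algos(digests: dict) -> list:
    """Algorithms whose digest equals the report's value (case-insensitive)."""
    return [algo for algo, value in IOC_HASHES.items()
            if digests.get(algo, "").lower() == value]


def normalize_name(name: str) -> str:
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()


def domain_matches(name: str) -> bool:
    """True for an indicator domain or any subdomain of one, not for look-alikes."""
    n = normalize_name(name)
    return any(n == d or n.endswith("." + d) for d in IOC_DOMAINS)


LOG_LINE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")


def sweep_dns_log(text: str) -> list:
    """Return (timestamp, client, qname) for every query to an indicator domain."""
    hits = []
    for line in text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that do not fit the constructed format
        ts, client, _qtype, qname = m.groups()
        if domain_matches(qname):
            hits.append((ts, client, normalize_name(qname)))
    return hits


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        print(path, "matches:", matching_hash_algos(hash_file(path)) or "none")
    for ts, client, qname in sweep_dns_log(SAMPLE_DNS_LOG):
        print(f"{ts} {client} queried {qname}")
```

Run it with suspect file paths as arguments to compare their hashes against the report; the built-in sweep over the constructed log flags the three queries from 10.0.0.15 and ignores the look-alike from 10.0.0.31. Against a real resolver log only the regular expression in LOG_LINE needs to change.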