General
Target: a8b62c5eeaf98d0e7b13c60a39f92904182c7de8dd330f9b2eb7382642eeb7bf
Size: 329KB
Sample: 220121-xkaecsaga8
MD5: 18fd70b5d281f4f91aed02fc9bf17a8d
SHA1: 36b6ba41d1f93b1d1cba0052bce17bd4908b73a4
SHA256: a8b62c5eeaf98d0e7b13c60a39f92904182c7de8dd330f9b2eb7382642eeb7bf
SHA512: f83f377f34370cd9e86226d3c8b5e9b921808304d04719af0887585b8c51f556f779a3aff11d37d3c103110bf0560342b7ea6700fc4cbbabd7432fb0cbe4104d
Static task: static1

Malware Config
Extracted: tofsee
- patmushta.info
- ovicrush.cn
Targets
Target: a8b62c5eeaf98d0e7b13c60a39f92904182c7de8dd330f9b2eb7382642eeb7bf
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of SetThreadContext