General
Target: 075575cfa5c10e6cdad8193c082d006ff191272408bba24b4d2831c22136df55
Size: 329KB
Sample: 220121-yf637sbbfl
MD5: 40b5dcfffc4a8477fd1e6c8df3d48eaa
SHA1: 24e31b5136fa02d7c6dc2ccc38d67398c655c1c5
SHA256: 075575cfa5c10e6cdad8193c082d006ff191272408bba24b4d2831c22136df55
SHA512: 6767f160c7a8ea744d8124bfe3d7640ab89bcbcc9a8c9eec06b3cd75d39d84aeab62dd518d1020ec448dc89d7613b2c3287ddd6f9ede5c109c01c430c81fc22d
Static task: static1
Malware Config
Extracted: tofsee
- patmushta.info
- ovicrush.cn
Targets
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext