General

Target: 7ba154deffd33715248a386fe7fed944b98ced107b94f157a30732fe11bddda3
Size: 256KB
Sample: 220122-16egzsddd3
MD5: 4fb97db69b14fcce3b69e6c5799e8b82
SHA1: 17e69e72c3ee25891c1450410150f8ddbcde0634
SHA256: 7ba154deffd33715248a386fe7fed944b98ced107b94f157a30732fe11bddda3
SHA512: 80f08dc08ba7d8866885f3f05805ae92096054b431f945577afcb3e125f51cc14e2632c448f547cc6ad15fb41e0f1f8c6ca4db446f1d9a576fb25facd4efb24a
Static task: static1

Malware Config

Extracted: tofsee
patmushta.info
ovicrush.cn
Targets
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext