General
- Target: 420986181d606937b8434fdd13f0c262381d4eafde471509b5da741e39ce3ef8
- Size: 255KB
- Sample: 220122-3fy5tadgdq
- MD5: 274c42e8ea8f8e2bbd8018ff68783bb0
- SHA1: e4f289453f09c0ccc4b502a6c47984badc64877c
- SHA256: 420986181d606937b8434fdd13f0c262381d4eafde471509b5da741e39ce3ef8
- SHA512: 55bf118afd000adbc72653b2f41c78b2a65f6ef634f8533328ad8f4322c36ac90b5760f1c058b1b5df7df3468da6cee9466d270b859f69d4b4baef80f1c79828
Static task
- static1

Malware Config
Extracted:
- tofsee
- patmushta.info
- ovicrush.cn
Targets
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext