General

Target: 3827ed7531b2b2c20eafeeba500d84cf35a92388ca18fe5a0c171c38778ad5ac
Size: 255KB
Sample: 220122-b6m2pahddq
MD5: 7e17d2005df52ed9c23c916f88e4ab7f
SHA1: 5bf04d8c68e3c476cabb8dd0c3b19b9c293ecb06
SHA256: 3827ed7531b2b2c20eafeeba500d84cf35a92388ca18fe5a0c171c38778ad5ac
SHA512: 86191906c24c9f29a72f7007efd17c1bc2f4881880108682cd54722cd5830670245b4b76d39f070e4d67ca30f7fbd204f28738016b2ba56d35305dab31f9ba22
Static task: static1

Malware Config

Extracted family: tofsee
Extracted C2 hosts: patmushta.info, ovicrush.cn
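The file hashes in the General section and the two hosts from the extracted Tofsee config are the actionable indicators on this page. The Python below is an added example, not part of the sandbox report or of the tooling that produced it; it carries those indicators into two checks a responder can run offline: confirming whether a file on disk is this sample (all four digests must agree), and scanning resolver or proxy log lines for the extracted hosts, matching subdomains while rejecting look-alike names and names that merely start with the indicator. The log line format and the sample log lines are constructed for the example; `is_reported_sample`, `scan_dns_log` and the other names are this example's own.

```python
"""IOC matching for the sandbox report above.

Added example, not part of the sandbox report or its tooling. It carries
the report's file hashes and the two extracted Tofsee hosts into checks
a responder can run offline:
  1. is a given file the sample?  (hash comparison, all four algorithms)
  2. does a DNS/proxy log mention the extracted hosts, including subdomains,
     without matching look-alike or suffix-extended names?
The log format and the log lines below are constructed for the example.
"""
import hashlib
from typing import Dict, Iterable, List, Sequence, Tuple

# Hashes exactly as listed in the report's General section.
REPORT_HASHES: Dict[str, str] = {
    "md5": "7e17d2005df52ed9c23c916f88e4ab7f",
    "sha1": "5bf04d8c68e3c476cabb8dd0c3b19b9c293ecb06",
    "sha256": "3827ed7531b2b2c20eafeeba500d84cf35a92388ca18fe5a0c171c38778ad5ac",
    "sha512": ("86191906c24c9f29a72f7007efd17c1bc2f4881880108682cd54722cd5830670"
               "245b4b76d39f070e4d67ca30f7fbd204f28738016b2ba56d35305dab31f9ba22"),
}

# Hosts from the report's extracted Tofsee config.
C2_HOSTS: Tuple[str, ...] = ("patmushta.info", "ovicrush.cn")


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Hex digests of `data` for every algorithm the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def matching_algorithms(data: bytes) -> List[str]:
    """Algorithms whose digest of `data` equals the report's value.

    All four should agree for the real sample; a partial match (e.g. MD5 only)
    points at a collision or a typo in the IOC feed and deserves a look.
    """
    digests = hash_bytes(data)
    return [alg for alg in REPORT_HASHES if digests[alg] == REPORT_HASHES[alg]]


def is_reported_sample(path: str) -> bool:
    """True only when every listed digest of the file matches the report."""
    with open(path, "rb") as fh:
        return len(matching_algorithms(fh.read())) == len(REPORT_HASHES)


def host_matches(qname: str, hosts: Sequence[str] = C2_HOSTS) -> bool:
    """True if `qname` is one of `hosts` or a subdomain of one.

    Normalises case and a trailing dot (FQDN form in many resolver logs).
    Rejects 'notpatmushta.info' (no label boundary before the indicator)
    and 'ovicrush.cn.attacker.example' (indicator used as a prefix).
    """
    q = qname.lower().rstrip(".")
    return any(q == h or q.endswith("." + h) for h in hosts)


def scan_dns_log(lines: Iterable[str],
                 hosts: Sequence[str] = C2_HOSTS) -> List[Tuple[str, str, str]]:
    """Return (timestamp, client, qname) for lines whose query hits `hosts`.

    Assumed (constructed) line format: '<timestamp> <client-ip> <qname>'.
    Adjust the field split for a real resolver or proxy log.
    """
    hits: List[Tuple[str, str, str]] = []
    for line in lines:
        fields = line.split()
        if len(fields) < 3:
            continue  # blank, comment or malformed line: skip, don't crash
        ts, client, qname = fields[0], fields[1], fields[2]
        if host_matches(qname, hosts):
            hits.append((ts, client, qname.lower().rstrip(".")))
    return hits


# Constructed log lines: one exact hit, one subdomain hit in FQDN form,
# one unrelated query, and two look-alikes that must not match.
SAMPLE_DNS_LOG = [
    "2022-01-22T10:00:01Z 10.0.0.5 www.example.com",
    "2022-01-22T10:00:02Z 10.0.0.5 patmushta.info",
    "2022-01-22T10:00:03Z 10.0.0.9 mail.OVICRUSH.cn.",
    "2022-01-22T10:00:04Z 10.0.0.9 notpatmushta.info",
    "2022-01-22T10:00:05Z 10.0.0.7 ovicrush.cn.attacker.example",
]

if __name__ == "__main__":
    for hit in scan_dns_log(SAMPLE_DNS_LOG):
        print("C2 lookup:", *hit)
```

Running the block as a script prints the two hits from the constructed log. The suffix match is done on a label boundary (`"." + host`) on purpose: a plain substring test would flag `notpatmushta.info` and miss nothing, but it also fires on unrelated names and is the usual source of false positives when apex domains are used as indicators.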
Targets

Target: 3827ed7531b2b2c20eafeeba500d84cf35a92388ca18fe5a0c171c38778ad5ac
Size: 255KB
MD5: 7e17d2005df52ed9c23c916f88e4ab7f
SHA1: 5bf04d8c68e3c476cabb8dd0c3b19b9c293ecb06
SHA256: 3827ed7531b2b2c20eafeeba500d84cf35a92388ca18fe5a0c171c38778ad5ac
SHA512: 86191906c24c9f29a72f7007efd17c1bc2f4881880108682cd54722cd5830670245b4b76d39f070e4d67ca30f7fbd204f28738016b2ba56d35305dab31f9ba22

Signatures:
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry (together with the new service and the System32 drop, this is service-based persistence: the service's ImagePath points at the dropped binary)
- Deletes itself (the original file is removed after installation, so the hashes above will not be found on disk; hunt for the service and the dropped System32 file instead)
- Drops file in System32 directory
- Suspicious use of SetThreadContext (a common component of process injection and hollowing)