General
- Target: 9d7bbb59422d34095ea0d9b7ec3361df71ff83e1a570de1b2fdd834ca0581d38
- Size: 255KB
- Sample: 220122-elgwqahec6
- MD5: 6ef3fad016ae4ab63c5615bcd8b958c0
- SHA1: c51837405cc2b4500b9bdcbf6e50b25020c4545b
- SHA256: 9d7bbb59422d34095ea0d9b7ec3361df71ff83e1a570de1b2fdd834ca0581d38
- SHA512: d1d808976ce9188b3c8249e206c62a56b5c489a793ae79239f57fc18507e13d32b4bcbdf72ceb60524419254a06568a9f479ccda3363f86c0781f82d93e97a64
Static task: static1
Malware Config
- Extracted: tofsee
- patmushta.info
- ovicrush.cn
Targets
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext