General
Target: a4ce0264f0ce6dc38a8a77eb3325743bec58a6979da97c86d806c0c0a0838d86
Size: 255KB
Sample: 220122-f4k7jahgd6
MD5: 2164d11ac4bece1ee6b8b27439067db1
SHA1: 5640beeddf1ffeef5cf9e92ad09f83eb5ebd3ce0
SHA256: a4ce0264f0ce6dc38a8a77eb3325743bec58a6979da97c86d806c0c0a0838d86
SHA512: a64c180affb82fb76d95bde7f5be53fd659313238f9e6b533c5fd69e62fac37f0a0e0c2a94bc043f9eafb544da0213a5b37b8d31b5b3795953ebdab28ff0ce89
Static task: static1
Malware Config
Extracted: tofsee
- patmushta.info
- ovicrush.cn
Targets
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of SetThreadContext