General
- Target: 35a0f488557a4a6e9fcc96ea7fb4bcd9ea27ac9d0aff4b638efd3207c60c4a5c
- Size: 255KB
- Sample: 220122-g9pycaabbn
- MD5: b19bdd3ad3eac66f98647b6e859ddc3e
- SHA1: 9f4089691ca8531b56e96be18d223dcfb9c46a34
- SHA256: 35a0f488557a4a6e9fcc96ea7fb4bcd9ea27ac9d0aff4b638efd3207c60c4a5c
- SHA512: aaffa43e641097934f72daf1695221882ce40f26a5a4704025b7b4423792bd2263d47da0ac8984f52d7e60876fea872b8aa8840070e718c51d5322a1cca0264b
Static task
static1
Malware Config
Extracted
tofsee
patmushta.info
ovicrush.cn
Targets
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of SetThreadContext