General
Target: b227ec6b23da831004fccc29c05471f7832121bc0704e26da04c48f3e3554cee
Size: 255KB
Sample: 220122-j3z6vaacb7
MD5: 0a9588331831de9a208eb009f791b3c4
SHA1: 2170339d4af529f30e9cb48c363ed47f57f7b7fd
SHA256: b227ec6b23da831004fccc29c05471f7832121bc0704e26da04c48f3e3554cee
SHA512: cb5f93098e7993f7de1458fc2020bfc0ff616d448bb517d76211bb5d136c2b6c3b2ad234caea5d6d3d1a8bac34871f081fe656a7f2f5b02ba507e87909989264
Static task: static1

Malware Config
Extracted: tofsee
  patmushta.info
  ovicrush.cn
Targets
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext