General
Target: 35ee98f6efd5e686a26e50dfe1ae62c00ccd7aa049789535d76dc1ed640f0da2
Size: 255KB
Sample: 220122-ldv7psafbj
MD5: 7bb747762ec918f3285203b747e01365
SHA1: c6464e8bf5258317f28bc60921d189cfd866a865
SHA256: 35ee98f6efd5e686a26e50dfe1ae62c00ccd7aa049789535d76dc1ed640f0da2
SHA512: e08a12acac87724fcbf2be8d3326f04466b51025a95c9d29a3fad77ae1d9fb46d09d915c00a1609a7b8f8377a3df24778329406910c0f7aa145dfc0bcbe2a4c7
Static task: static1
Malware Config
Extracted: tofsee
patmushta.info
ovicrush.cn
Targets
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext