General
  Target: a761d370a1cb9586013899d7099208cdfda20de4d0ed22d710300f7878f510ff
  Size:   264KB
  Sample: 220122-lmb57aadg6
  MD5:    67fa3c303a36da00cc221236143f3adb
  SHA1:   bce18746d12da6f7eb765a8172a884b26dac0341
  SHA256: a761d370a1cb9586013899d7099208cdfda20de4d0ed22d710300f7878f510ff
  SHA512: 6489ff5956ebc616c6e45baf23bce8f75d096f66aac3e16a0e368789eb88ae69eb3435dfaa742714180f55ac93de8a7e972873123d4520a05b521a552d3b101a

Static task
  static1

Malware Config
  Extracted: tofsee
    patmushta.info
    ovicrush.cn

Targets
  Target: a761d370a1cb9586013899d7099208cdfda20de4d0ed22d710300f7878f510ff
  Size:   264KB
  (same file as under General; MD5, SHA1, SHA256 and SHA512 as listed there)

  XMRig Miner Payload
  Creates new service(s)
  Executes dropped EXE
  Modifies Windows Firewall
  Sets service image path in registry
  Deletes itself
  Drops file in System32 directory
  Suspicious use of SetThreadContext