General
- Target: e4a44da1ecc8b4a1cb76931ab5d44e480f870d0ecbbdb77c670baa80ece3c6f8
- Size: 265KB
- Sample: 220122-m3lv1aagfm
- MD5: 7f33f91091be06237de296ffe356f85a
- SHA1: 8a0570500c7c9601c8a02994348ff68b40edfecd
- SHA256: e4a44da1ecc8b4a1cb76931ab5d44e480f870d0ecbbdb77c670baa80ece3c6f8
- SHA512: 1139123732ff839de32518fe6d38efb0dd78b87ce74320a5059cfa3df7e05766729dbf86b8233e52896c5b1d707120e720b0724273624dfb78def57711ad2b38
Static task: static1

Malware Config
- Extracted family: tofsee
- Extracted domains: patmushta.info, ovicrush.cn
Targets
- Target: e4a44da1ecc8b4a1cb76931ab5d44e480f870d0ecbbdb77c670baa80ece3c6f8 (same sample as in General above; size and hashes identical)
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext