General
- Target: faad39f191f55e9de5aefda801ac153bc825251dc8a69dabbf320cc6d44faffe
- Size: 265KB
- Sample: 220122-nx9kjsagb8
- MD5: 1379413573a2250ce3ddab0d0c29da9c
- SHA1: df2d1f047bc2e239684fb2f7dd8526dc679afd59
- SHA256: faad39f191f55e9de5aefda801ac153bc825251dc8a69dabbf320cc6d44faffe
- SHA512: 9188bc0892998261448c27fef21429648759296ea5d5b02c576a37b94288f45aa18ec8daa78897a91230481939ebd2337d81170f83da7d7f289233225674b200
Static task
- static1

Malware Config
- Extracted: tofsee
  - patmushta.info
  - ovicrush.cn
Targets
- Target: faad39f191f55e9de5aefda801ac153bc825251dc8a69dabbf320cc6d44faffe (size and hashes as listed under General)
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext