General
- Target: fde33881305e8034200d14a6f4f87be89b7fc31c97bbfe126c0abb79dd59ece1
- Size: 256KB
- Sample: 220122-ppkf5abbbp
- MD5: 72b3285b70caa9cfdeaf5e66fa4230f9
- SHA1: ac57d34d73959cfe5d7998b5d17c2e5093e6dceb
- SHA256: fde33881305e8034200d14a6f4f87be89b7fc31c97bbfe126c0abb79dd59ece1
- SHA512: b23ab543f73dd31d4dfaf3669b360d85389563e8afb4308a8f60b1a0328fbafb01df6a270b6bde1e2e243db5588683c4540615fe77edd7ff0afc2281fce78098
Static task: static1

Malware Config
Extracted:
- tofsee
- patmushta.info
- ovicrush.cn
Targets
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext