General
- Target: 162ea4a8974f5720eb8d19de56fc06cdec45c002fe0aaa10f12ce62a9451cb55
- Size: 256KB
- Sample: 220122-rgwwasbfhj
- MD5: 49350de1aab91a7585153938d177c826
- SHA1: 9876f009a1b597a5dfc25f21a06e8d363fa10e69
- SHA256: 162ea4a8974f5720eb8d19de56fc06cdec45c002fe0aaa10f12ce62a9451cb55
- SHA512: 36281ce50740eb90bf7c2f0787f5ebef124eb7b82b2cad9099eb206eefec4eaa495c4c843a8f96bb5d93d29223ec5ae8e78133255df3de4d96be05b37eac237d
Static task: static1
Malware Config
Extracted
- Family: tofsee
- patmushta.info
- ovicrush.cn
Targets
- Target: 162ea4a8974f5720eb8d19de56fc06cdec45c002fe0aaa10f12ce62a9451cb55
- Size: 256KB
- MD5: 49350de1aab91a7585153938d177c826
- SHA1: 9876f009a1b597a5dfc25f21a06e8d363fa10e69
- SHA256: 162ea4a8974f5720eb8d19de56fc06cdec45c002fe0aaa10f12ce62a9451cb55
- SHA512: 36281ce50740eb90bf7c2f0787f5ebef124eb7b82b2cad9099eb206eefec4eaa495c4c843a8f96bb5d93d29223ec5ae8e78133255df3de4d96be05b37eac237d
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext