General
Target: 523ab125255aa59fbfb17e2c5acd8b99a21256ee171fcaaad81b26dedd79b3f9
Size: 269KB
Sample: 220123-1x5yksgdel
MD5: 1711bc25b17dfb7f4b803515170604f0
SHA1: 0035a2fbd7b082aa425b2c086f5a4cbdd8d8d767
SHA256: 523ab125255aa59fbfb17e2c5acd8b99a21256ee171fcaaad81b26dedd79b3f9
SHA512: 1deec43fd3e363bfc1ced0c47dea0493679bf85f83aa308ebcee52050ac440c9b2927d2429e53945889b2239c102cb5fcb8e9dc9e2e061f2673e7abb68616ea6
Static task
static1

Malware Config
Extracted
Family: tofsee
C2: patmushta.info, ovicrush.cn
Targets
Target: 523ab125255aa59fbfb17e2c5acd8b99a21256ee171fcaaad81b26dedd79b3f9
Size: 269KB
MD5, SHA1, SHA256 and SHA512: identical to the values listed under General (the analysed target is the submitted sample itself).
Signatures
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext
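As an added example (not part of the sandbox report), the routine below turns the signatures above and the extracted C2 hosts into a hunt over Sysmon-style events: a file dropped into System32 by a process outside C:\Windows, a service ImagePath value that points at that dropped file, execution of the dropped file, a netsh firewall change, a "cmd /c del" of the parent's own image, and DNS queries for patmushta.info or ovicrush.cn. The event records are constructed to mimic Sysmon field names (EventID 1/11/13/22); the user path, the service name svcwpvcp and the command lines are assumptions for illustration, not artefacts observed from this sample. "Creates new service(s)" and "Suspicious use of SetThreadContext" are not directly visible in Sysmon telemetry and are left out: service creation is inferred here from the ImagePath write, and SetThreadContext needs an API-level monitor.

```python
"""Match constructed Sysmon-style events against behaviours from the report."""
import re
from collections import defaultdict

# Hosts from the extracted Tofsee config on the report page (real data).
TOFSEE_C2 = {"patmushta.info", "ovicrush.cn"}

# Constructed events resembling Sysmon IDs 1 (process create), 11 (file
# create), 13 (registry value set) and 22 (DNS query). Paths and the service
# name "svcwpvcp" are assumptions, not values observed from the sample.
EVENTS = [
    {"EventID": 11, "Image": r"C:\Users\bob\AppData\Local\Temp\sample.exe",
     "TargetFilename": r"C:\Windows\System32\svcwpvcp.exe"},
    {"EventID": 13, "Image": r"C:\Users\bob\AppData\Local\Temp\sample.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\svcwpvcp\ImagePath",
     "Details": r"C:\Windows\System32\svcwpvcp.exe"},
    {"EventID": 1, "ParentImage": r"C:\Windows\System32\services.exe",
     "Image": r"C:\Windows\System32\svcwpvcp.exe",
     "CommandLine": r"C:\Windows\System32\svcwpvcp.exe"},
    {"EventID": 1, "ParentImage": r"C:\Users\bob\AppData\Local\Temp\sample.exe",
     "Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": 'netsh advfirewall firewall add rule name="svc" dir=in '
                    'action=allow program="C:\\Windows\\System32\\svcwpvcp.exe"'},
    {"EventID": 1, "ParentImage": r"C:\Users\bob\AppData\Local\Temp\sample.exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'cmd.exe /c del "C:\Users\bob\AppData\Local\Temp\sample.exe"'},
    {"EventID": 22, "Image": r"C:\Windows\System32\svcwpvcp.exe",
     "QueryName": "patmushta.info"},
    # Benign noise that must not fire.
    {"EventID": 22, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "QueryName": "example.org"},
    {"EventID": 13, "Image": r"C:\Windows\System32\services.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\Spooler\Start",
     "Details": "DWORD (0x00000002)"},
]


def _lower(value):
    """Normalise a possibly missing field for case-insensitive comparison."""
    return (value or "").lower()


def match_signatures(events, c2=TOFSEE_C2):
    """Return {signature name: [evidence, ...]} for the events that fire."""
    hits = defaultdict(list)
    dropped = set()  # files written to System32 by a non-Windows process
    for ev in events:
        eid = ev["EventID"]
        image = _lower(ev.get("Image"))
        if eid == 11:
            target = _lower(ev.get("TargetFilename"))
            if target.startswith("c:\\windows\\system32\\") and \
                    not image.startswith("c:\\windows\\"):
                dropped.add(target)
                hits["Drops file in System32 directory"].append(target)
        elif eid == 13:
            key = _lower(ev.get("TargetObject"))
            if re.search(r"\\services\\[^\\]+\\imagepath$", key):
                value = _lower(ev.get("Details"))
                sig = "Sets service image path in registry"
                if any(d in value for d in dropped):
                    sig += " (points at a dropped file)"
                hits[sig].append(key)
        elif eid == 1:
            cmd = _lower(ev.get("CommandLine"))
            parent = _lower(ev.get("ParentImage"))
            if image in dropped:
                hits["Executes dropped EXE"].append(image)
            if image.endswith("\\netsh.exe") and "firewall" in cmd:
                hits["Modifies Windows Firewall"].append(cmd)
            # "del <path>" where <path> is the parent's own image: self-deletion.
            m = re.search(r"\bdel\b\s+\"?([^\"]+?)\"?\s*$", cmd)
            if m and parent and m.group(1).strip() == parent:
                hits["Deletes itself"].append(parent)
        elif eid == 22:
            query = _lower(ev.get("QueryName"))
            if query in c2:
                hits["Resolves extracted Tofsee C2 host"].append(query)
    return dict(hits)


if __name__ == "__main__":
    for name, evidence in match_signatures(EVENTS).items():
        print(f"{name}: {evidence}")
```

The ImagePath rule deliberately correlates with the earlier file-drop event rather than alerting on every ImagePath write, because legitimate installers write that value constantly; the combination of a non-Windows process dropping into System32 and then registering that file as a service is what distinguishes this sample's chain. The DNS rule uses exact matches against the extracted hosts; widen it to suffix matches only if your resolver logs include subdomains.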