General
Target: f6e6cf52ea5a502c1c0af0869b2fa82869dcae538fae0c9df5d73cc4cbb72d33
Size: 269KB
Sample: 220123-3qm6asgee4
MD5: 1006c5e2deb6d817be3bdcc25dfd269b
SHA1: 15b49d624ffb2dee7b54ceab4fefb46b131b49af
SHA256: f6e6cf52ea5a502c1c0af0869b2fa82869dcae538fae0c9df5d73cc4cbb72d33
SHA512: 2ffe09983233486cf1b946c97fd20df7ba0ccf66f472b298d2621016316aaabf9b9b8b6ef5730ef9c77d869d282c4d46846a8c213d92814b728e6f280ee37b84
Static task: static1

Malware Config
Extracted: tofsee
- patmushta.info
- ovicrush.cn
Targets
Target: f6e6cf52ea5a502c1c0af0869b2fa82869dcae538fae0c9df5d73cc4cbb72d33
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of SetThreadContext