General
- Target: 43932492e90ccbe8c51514e481a2c8de5b14d95c04b6f1801615133336720279
- Size: 256KB
- Sample: 220123-cz9gsaedhn
- MD5: e0574516e0ceacd2f4c2021df67d4e62
- SHA1: 9af4e55f9ce468ea178dfd7b9c0b4e0a6ba3988d
- SHA256: 43932492e90ccbe8c51514e481a2c8de5b14d95c04b6f1801615133336720279
- SHA512: c63bde60373af6a424e78a75143a3b48ec87710ce7b434ee6cd141f15cd060cd0b19a3132528f4a001ccd8c4d1d13f2c959d1f5c5c0ae71888589f69fc2e4179
Static task
- static1

Malware Config
Extracted
- tofsee
- patmushta.info
- ovicrush.cn
Targets
- Target: 43932492e90ccbe8c51514e481a2c8de5b14d95c04b6f1801615133336720279 (256KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext