General
Target: bf418e9d10136deaa2e87d84581030117beb6d292da3f330de44e88378926fc3
Size: 256KB
Sample: 220123-d6h4vaeed7
MD5: 451381b6978f920401007b894b1d5286
SHA1: 8ece3e990fcfef34bc0377046a5dc29577abe2c1
SHA256: bf418e9d10136deaa2e87d84581030117beb6d292da3f330de44e88378926fc3
SHA512: 3789e90ec8f66ab2cbd192bb7d66cca8b311fe10b368dc95f5a72617eb96d7cd1e2c454a3f755e8b43bc2d55341c4cb7ba2464d8816cc8387ca6e51681566f1a
Static task: static1
Malware Config
Extracted family: tofsee
Extracted domains: patmushta.info, ovicrush.cn
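The four hashes and the two domains from the extracted Tofsee config are the only machine-usable indicators on this page. The Python below is an added example, not part of the Triage report or of any Tofsee tooling: it loads those indicators, hashes file content with every listed algorithm so any one digest can match, matches query names from a DNS log (subdomains of an indicator count, look-alike names such as a longer label ending in the same string do not), and sanity-checks the indicator table for copy errors before any hunt runs. The DNS log format, the client addresses and the sample log lines are constructed for the example and are not from the report.

```python
"""IOC sweep built from the sandbox report above.

Added example, not part of the Triage report or of any Tofsee tooling.
The DNS log format and the sample lines are constructed for illustration.
"""
import hashlib
import re
from typing import Dict, Iterable, List, Tuple

# Hashes exactly as listed in the report (lowercase hex).
IOC_HASHES: Dict[str, str] = {
    "md5": "451381b6978f920401007b894b1d5286",
    "sha1": "8ece3e990fcfef34bc0377046a5dc29577abe2c1",
    "sha256": "bf418e9d10136deaa2e87d84581030117beb6d292da3f330de44e88378926fc3",
    "sha512": "3789e90ec8f66ab2cbd192bb7d66cca8b311fe10b368dc95f5a72617eb96d7cd"
              "1e2c454a3f755e8b43bc2d55341c4cb7ba2464d8816cc8387ca6e51681566f1a",
}
# Domains from the extracted Tofsee config, treated here as network indicators.
IOC_DOMAINS = {"patmushta.info", "ovicrush.cn"}

HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def check_ioc_table() -> bool:
    """Catch copy errors before hunting: every digest must be hex of the right length."""
    return all(
        len(v) == HEX_LEN[alg] and re.fullmatch(r"[0-9a-f]+", v) is not None
        for alg, v in IOC_HASHES.items()
    )


def digest(data: bytes) -> Dict[str, str]:
    """Hash content with every algorithm the report lists, so any one of them can match."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in IOC_HASHES}


def match_hashes(digests: Dict[str, str]) -> List[str]:
    """Algorithms whose digest equals the report's value (case-insensitive compare)."""
    return sorted(
        alg for alg, val in digests.items()
        if alg in IOC_HASHES and val.lower() == IOC_HASHES[alg]
    )


def domain_is_ioc(name: str) -> bool:
    """Exact or subdomain match only: 'mail.ovicrush.cn' hits, 'notpatmushta.info' does not."""
    host = name.rstrip(".").lower()
    return any(host == d or host.endswith("." + d) for d in IOC_DOMAINS)


# Constructed log format (an assumption, not a real resolver's format):
# "<timestamp> <client-ip> query <qname>"
DNS_LINE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) query (?P<name>\S+)$")


def scan_dns_log(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """(client, qname) pairs for every query naming a report domain; other lines are skipped."""
    hits: List[Tuple[str, str]] = []
    for line in lines:
        m = DNS_LINE.match(line.strip())
        if m and domain_is_ioc(m["name"]):
            hits.append((m["src"], m["name"].rstrip(".").lower()))
    return hits


SAMPLE_DNS_LOG = [  # constructed lines, not from the report
    "2022-01-23T10:00:01Z 10.0.0.5 query patmushta.info.",
    "2022-01-23T10:00:02Z 10.0.0.6 query www.example.com.",
    "2022-01-23T10:00:03Z 10.0.0.7 query mail.ovicrush.cn.",
    "2022-01-23T10:00:04Z 10.0.0.9 query notpatmushta.info.",
    "malformed line that the parser must ignore",
]

if __name__ == "__main__":
    print("IOC table OK:", check_ioc_table())
    print("hash matches for constructed bytes:",
          match_hashes(digest(b"constructed benign content")))
    print("DNS hits:", scan_dns_log(SAMPLE_DNS_LOG))
```

Hashing with all four algorithms costs little and avoids a miss when a feed carries only, say, the SHA1. The suffix check in domain_is_ioc is deliberate: a plain substring test would flag unrelated names that merely contain an indicator.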
Targets
Target: bf418e9d10136deaa2e87d84581030117beb6d292da3f330de44e88378926fc3
Size: 256KB
MD5: 451381b6978f920401007b894b1d5286
SHA1: 8ece3e990fcfef34bc0377046a5dc29577abe2c1
SHA256: bf418e9d10136deaa2e87d84581030117beb6d292da3f330de44e88378926fc3
SHA512: 3789e90ec8f66ab2cbd192bb7d66cca8b311fe10b368dc95f5a72617eb96d7cd1e2c454a3f755e8b43bc2d55341c4cb7ba2464d8816cc8387ca6e51681566f1a
Signatures:
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext
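Most of the signatures in that list describe host behaviour that ordinary endpoint telemetry can see: a service being installed, an ImagePath value written under the Services key, netsh being run against the firewall, an executable landing in System32, and cmd.exe deleting the parent's own image. The Python below is an added example, not Triage's detection logic, that expresses those five signatures as rules over a stream of events and reports which signature names fire. The event schema (a dict with "type", "image", "parent_image", "cmdline", "path" and "key"), the service name and every file path in the sample events are constructed assumptions, not values from the report. "XMRig Miner Payload" and "Suspicious use of SetThreadContext" need payload or API-level instrumentation and are not modelled here.

```python
"""Behavioural rules for the report's signatures over Sysmon-style events.

Added example, not the sandbox's own detection logic. Event schema, service
name and paths below are constructed assumptions.
"""
import re
from typing import Callable, Dict, List, Set

Event = Dict[str, str]

SYSTEM32 = "c:\\windows\\system32\\"
EXEC_EXT = (".exe", ".dll", ".sys")
# HKLM\SYSTEM\...\Services\<name>\ImagePath, compared in lowercase.
IMAGEPATH_KEY = re.compile(r"\\services\\[^\\]+\\imagepath$")


def _lower(ev: Event, field: str) -> str:
    return ev.get(field, "").lower()


def creates_service(ev: Event) -> bool:
    # A service installation record (what the System log's 7045 event carries).
    return _lower(ev, "type") == "serviceinstall"


def sets_service_image_path(ev: Event) -> bool:
    # Registry write that points a service at a binary.
    return (_lower(ev, "type") == "registryvalueset"
            and IMAGEPATH_KEY.search(_lower(ev, "key")) is not None)


def modifies_firewall(ev: Event) -> bool:
    # netsh invoked with a firewall context (both 'firewall' and 'advfirewall firewall').
    return (_lower(ev, "type") == "processcreate"
            and _lower(ev, "image").endswith("\\netsh.exe")
            and "firewall" in _lower(ev, "cmdline"))


def drops_in_system32(ev: Event) -> bool:
    # Executable content created directly under System32.
    path = _lower(ev, "path")
    return (_lower(ev, "type") == "filecreate"
            and path.startswith(SYSTEM32)
            and path.endswith(EXEC_EXT))


def deletes_itself(ev: Event) -> bool:
    # cmd.exe spawned by a process whose own image appears in a 'del' command line.
    cmd = _lower(ev, "cmdline")
    parent = _lower(ev, "parent_image")
    return (_lower(ev, "type") == "processcreate"
            and _lower(ev, "image").endswith("\\cmd.exe")
            and "del " in cmd and parent != "" and parent in cmd)


RULES: Dict[str, Callable[[Event], bool]] = {
    "Creates new service(s)": creates_service,
    "Sets service image path in registry": sets_service_image_path,
    "Modifies Windows Firewall": modifies_firewall,
    "Drops file in System32 directory": drops_in_system32,
    "Deletes itself": deletes_itself,
}


def evaluate(events: List[Event]) -> Set[str]:
    """Signature names (as the report spells them) triggered by any event in the batch."""
    return {name for name, rule in RULES.items() if any(rule(ev) for ev in events)}


# Constructed events; the service name 'examplesvc' and all paths are placeholders.
SAMPLE_EVENTS: List[Event] = [
    {"type": "FileCreate", "image": "C:\\Users\\u\\sample.exe",
     "path": "C:\\Windows\\System32\\examplesvc.exe"},
    {"type": "ServiceInstall", "image": "C:\\Windows\\System32\\services.exe",
     "cmdline": "C:\\Windows\\System32\\examplesvc.exe"},
    {"type": "RegistryValueSet", "image": "C:\\Users\\u\\sample.exe",
     "key": "HKLM\\SYSTEM\\CurrentControlSet\\Services\\examplesvc\\ImagePath"},
    {"type": "ProcessCreate", "image": "C:\\Windows\\System32\\netsh.exe",
     "parent_image": "C:\\Users\\u\\sample.exe",
     "cmdline": "netsh advfirewall firewall add rule name=\"svc\" dir=in "
                "action=allow program=\"C:\\Windows\\System32\\examplesvc.exe\""},
    {"type": "ProcessCreate", "image": "C:\\Windows\\System32\\cmd.exe",
     "parent_image": "C:\\Users\\u\\sample.exe",
     "cmdline": "cmd /c del \"C:\\Users\\u\\sample.exe\""},
]
BENIGN_EVENTS: List[Event] = [
    {"type": "FileCreate", "image": "C:\\Program Files\\app\\setup.exe",
     "path": "C:\\Users\\u\\AppData\\Local\\app\\app.dll"},
    {"type": "ProcessCreate", "image": "C:\\Windows\\System32\\cmd.exe",
     "parent_image": "C:\\Windows\\explorer.exe", "cmdline": "cmd /c dir"},
]

if __name__ == "__main__":
    print("sample:", sorted(evaluate(SAMPLE_EVENTS)))
    print("benign:", sorted(evaluate(BENIGN_EVENTS)))
```

Each rule is a pure function over one event, so a rule can be unit-tested on its own and the batch evaluator stays a one-liner; correlating the dropped System32 path with the later service ImagePath is the natural next step but needs per-host state that this example leaves out.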