General

Target: 09e5d3165ffdd8605f0d7ccfdf00b08bf992a431602b265cf43f32182a2b9e50
Size: 255KB
Sample: 220123-dg5asaeeen
MD5: 9c9f80570f4744dbd5ac6e7ca870688b
SHA1: 2f491ad973bd43016502e00c9b6747f2a78b57e0
SHA256: 09e5d3165ffdd8605f0d7ccfdf00b08bf992a431602b265cf43f32182a2b9e50
SHA512: 0a430cd3ceb3a77f11d5c0e204cb6145e477dddaba3748c783460d33a3b849d2f95f6dea8b24e1e3dadb04fd103c7c038e936a5a771379dc48bd7fc08342921a
Static task: static1
Malware Config

Extracted family: tofsee
Hosts in extracted config:
- patmushta.info
- ovicrush.cn
Targets

Target: 09e5d3165ffdd8605f0d7ccfdf00b08bf992a431602b265cf43f32182a2b9e50
Size: 255KB
MD5, SHA1, SHA256 and SHA512: identical to the values listed under General (same file)
Signatures

- XMRig Miner Payload (XMRig is an open-source Monero CPU miner; the signature indicates miner code was found in the sample's payload)
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry (the ImagePath value under HKLM\SYSTEM\CurrentControlSet\Services\<name>)
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext (an API commonly used for process injection and hollowing; the signature flags the call, not a confirmed injection)
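The following Python is an added example and is not part of the sandbox report: it turns the report's digests, the two hosts from the extracted tofsee config and the log-visible behaviour signatures into an offline triage check. The event records are constructed approximations of Sysmon events 1, 11 and 13 (process create, file create, registry value set) and the DNS lines are a constructed resolver log; the loader and service file names, the netsh rule and the "cmd /c del" self-deletion are assumptions chosen to exercise the rules, not observations from this sample. The XMRig payload and SetThreadContext signatures need payload or API-level visibility and are not reproduced here.

```python
"""Offline triage check built from this report's indicators.

Added example, not part of the sandbox report. All log records below are
constructed; the file/service names, the netsh rule and the cmd /c del
self-deletion are assumptions used to exercise the rules.
"""
import hashlib
import re

# Digests reported for the sample (taken from the report above).
SAMPLE_HASHES = {
    "md5": "9c9f80570f4744dbd5ac6e7ca870688b",
    "sha1": "2f491ad973bd43016502e00c9b6747f2a78b57e0",
    "sha256": "09e5d3165ffdd8605f0d7ccfdf00b08bf992a431602b265cf43f32182a2b9e50",
    "sha512": "0a430cd3ceb3a77f11d5c0e204cb6145e477dddaba3748c783460d33a3b849d2f"
              "95f6dea8b24e1e3dadb04fd103c7c038e936a5a771379dc48bd7fc08342921a",
}

# Hosts from the extracted tofsee config (taken from the report above).
CONFIG_HOSTS = {"patmushta.info", "ovicrush.cn"}


def digests(data: bytes) -> dict:
    """Compute the same digests the report lists, for a candidate file."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in SAMPLE_HASHES}


def matches_sample(data: bytes) -> bool:
    """True only if every digest of `data` equals the reported value."""
    return digests(data) == SAMPLE_HASHES


def config_host_hits(dns_lines) -> list:
    """Queried names that equal, or are subdomains of, a host in the config."""
    hits = []
    for line in dns_lines:
        m = re.search(r"query=([A-Za-z0-9.-]+)", line)
        if not m:
            continue
        name = m.group(1).lower().rstrip(".")
        if any(name == h or name.endswith("." + h) for h in CONFIG_HOSTS):
            hits.append(name)
    return hits


SYSTEM32 = "c:\\windows\\system32\\"
LOADER = r"C:\Users\victim\AppData\Local\Temp\loader.exe"  # assumed dropper path

# Constructed, simplified Sysmon-style records: id 1 = ProcessCreate,
# id 11 = FileCreate, id 13 = RegistryValueSet. Not from this sample.
SYSMON_EVENTS = [
    {"id": 11, "image": LOADER, "target": r"C:\Windows\System32\svcwork.exe"},
    {"id": 13, "image": LOADER,
     "target": r"HKLM\System\CurrentControlSet\Services\svcwork\ImagePath",
     "details": r"C:\Windows\System32\svcwork.exe"},
    {"id": 1, "image": r"C:\Windows\System32\netsh.exe", "parent_image": LOADER,
     "cmdline": 'netsh advfirewall firewall add rule name="svcwork" dir=in '
                'action=allow program="C:\\Windows\\System32\\svcwork.exe"'},
    {"id": 1, "image": r"C:\Windows\System32\svcwork.exe",
     "parent_image": r"C:\Windows\System32\services.exe", "cmdline": "svcwork.exe"},
    {"id": 1, "image": r"C:\Windows\System32\cmd.exe", "parent_image": LOADER,
     "cmdline": 'cmd /c del "C:\\Users\\victim\\AppData\\Local\\Temp\\loader.exe"'},
    {"id": 1, "image": r"C:\Windows\System32\notepad.exe",  # benign noise
     "parent_image": r"C:\Windows\explorer.exe", "cmdline": "notepad.exe"},
]


def behaviour_hits(events) -> set:
    """Map events onto the report's behaviour signatures that logs can show."""
    hits = set()
    dropped = set()  # paths written by FileCreate, to catch later execution
    for ev in events:
        image = ev.get("image", "").lower()
        target = ev.get("target", "").lower()
        cmd = ev.get("cmdline", "").lower()
        parent = ev.get("parent_image", "").lower()
        if ev["id"] == 11:
            dropped.add(target)
            if target.startswith(SYSTEM32):
                hits.add("drops_file_in_system32")
        elif ev["id"] == 13 and re.search(r"\\services\\[^\\]+\\imagepath$", target):
            hits.add("sets_service_image_path")
        elif ev["id"] == 1:
            if image in dropped:
                hits.add("executes_dropped_exe")
            if image.endswith("\\netsh.exe") and "advfirewall" in cmd:
                hits.add("modifies_windows_firewall")
            # Assumed self-deletion technique: cmd /c del of the parent binary.
            if image.endswith("\\cmd.exe") and "del " in cmd and parent and parent in cmd:
                hits.add("deletes_itself")
    return hits


# Constructed DNS resolver log lines.
DNS_LOG = [
    "2022-01-23T10:02:11Z client=10.0.0.5 query=patmushta.info type=A",
    "2022-01-23T10:02:12Z client=10.0.0.5 query=ovicrush.cn type=A",
    "2022-01-23T10:02:13Z client=10.0.0.5 query=www.example.com type=A",
]

if __name__ == "__main__":
    print("hash match on placeholder bytes:", matches_sample(b"not the sample"))
    print("config host lookups:", config_host_hits(DNS_LOG))
    print("behaviour signatures:", sorted(behaviour_hits(SYSMON_EVENTS)))
```

The hash check requires all four digests to agree, so a single mismatched value (a typo when copying an IOC) is reported as no match rather than a partial one; the domain check treats subdomains of a config host as hits, which is deliberate because Tofsee-style infrastructure is commonly contacted via hostnames under the configured domain.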