General
- Target: 2c562b3d094636c72e0ff8cc4fbd1599177fd90ff6ba6969226c2e0e167f7803
- Size: 256KB
- Sample: 220123-elkbvaefb8
- MD5: 54743cba3fb0c6c6722451b5fc0c276a
- SHA1: 8ad04d8f3eab51fa284e6987ded3f3668a63125f
- SHA256: 2c562b3d094636c72e0ff8cc4fbd1599177fd90ff6ba6969226c2e0e167f7803
- SHA512: ca8238e28f2ef1b9841af7ce0b31f50ef783715ecede5f139f2abeb51e463bf0cb899ccb110a91e2ffdd257e83beeeb7f4181c40f9bcdf133eeede3bc69361b5
Static task: static1

Malware Config (extracted)
- Family: tofsee
- Domains: patmushta.info, ovicrush.cn
Targets
- Target: 2c562b3d094636c72e0ff8cc4fbd1599177fd90ff6ba6969226c2e0e167f7803 (256KB; MD5 54743cba3fb0c6c6722451b5fc0c276a, SHA1 8ad04d8f3eab51fa284e6987ded3f3668a63125f, SHA512 as listed under General)

Signatures
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of SetThreadContext