General
- Target: 73264353ee71be652774584de4c0a02787fe1e602298d32991c3813a0875f7f6
- Size: 249KB
- Sample: 220123-g1eq1sfbgp
- MD5: 54dc09d153b88ab572dfa01dc518f9c5
- SHA1: 1d62f85281076474ebe91680f444725a6f680d0f
- SHA256: 73264353ee71be652774584de4c0a02787fe1e602298d32991c3813a0875f7f6
- SHA512: 6e1f1acc06e370efe85eaa6b10e8b0d0bec00c194f5a682d95759340d893f2dd7327c4c175139a72530dd3823dface6583eec0badec106353c6f5c9176d6fe8d
Static task: static1
Malware Config
- Extracted: tofsee
- patmushta.info
- ovicrush.cn
Targets
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext