General
Target: 24f598bda9c42f79ad61fbe66a4d52c815a1b1c613f626bd34df07c4de8584b8
Size: 249KB
Sample: 220123-gawlvafagl
MD5: 456487527bafc78d7164633c1cfc3d90
SHA1: 34f2e95fcae0f60736fe77609e987c7a6a858df0
SHA256: 24f598bda9c42f79ad61fbe66a4d52c815a1b1c613f626bd34df07c4de8584b8
SHA512: 1da0262881bc863af94d968dbf0ddba14786d7a27fe4568bc9e5fbbf65629999c0fda40397bb80801cba64983a905bbec3d999954176e857b4596d7e4aceee29
Static task: static1

Malware Config
Extracted family: tofsee
C2 domains:
- patmushta.info
- ovicrush.cn
Targets
Target: 24f598bda9c42f79ad61fbe66a4d52c815a1b1c613f626bd34df07c4de8584b8 (249KB; same file and hashes as listed under General above)
Signatures:
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext