General

Target: 7b6b9cb93374e9ac90ea87a3b026e78b31fc66d80e36cfb802e6c49f4954c54c
Size: 267KB
Sample: 220123-k2cjtsffe8
MD5: d0e652c05a5e3157d74bf5e2d1a88bd5
SHA1: 6427e7d725c1589c2f0c0fb15862bf940c735f92
SHA256: 7b6b9cb93374e9ac90ea87a3b026e78b31fc66d80e36cfb802e6c49f4954c54c
SHA512: ff43ea9b4f8f243eab19cc0f25ecdd8df65df30d75874ed3a3ca87312cb7edb3236a533f3a7d5cf8d760c5c09fcc7931b3f4e1ec79f120e9f220ed7f8ca918ef
Static task: static1

Malware Config

Extracted: tofsee
- patmushta.info
- ovicrush.cn
Targets

Target: 7b6b9cb93374e9ac90ea87a3b026e78b31fc66d80e36cfb802e6c49f4954c54c
Size: 267KB
MD5: d0e652c05a5e3157d74bf5e2d1a88bd5
SHA1: 6427e7d725c1589c2f0c0fb15862bf940c735f92
SHA256: 7b6b9cb93374e9ac90ea87a3b026e78b31fc66d80e36cfb802e6c49f4954c54c
SHA512: ff43ea9b4f8f243eab19cc0f25ecdd8df65df30d75874ed3a3ca87312cb7edb3236a533f3a7d5cf8d760c5c09fcc7931b3f4e1ec79f120e9f220ed7f8ca918ef
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of SetThreadContext