General
-
Target
46f6a592ad2c7f7fd7b4febd7d5945dde92b39fca05ef4f707a754bbcbf43f02
-
Size
249KB
-
Sample
220123-kesbrsffaq
-
MD5
699f1f7aaace9f5e66e41e0b2a96074e
-
SHA1
cd9b07ed916ba114fc23b7a71ea67b659b91e2a0
-
SHA256
46f6a592ad2c7f7fd7b4febd7d5945dde92b39fca05ef4f707a754bbcbf43f02
-
SHA512
470faae440b4cc5329c8e6428e566f3bac390fbd9833e5036a96797992b9f8db8e69f9c275913a9c87214ec905064ab7a03e5c6e55a82e3af6f066799f741a0f
Static task
static1
Malware Config
Extracted
tofsee
patmushta.info
ovicrush.cn
Targets
-
-
Target
46f6a592ad2c7f7fd7b4febd7d5945dde92b39fca05ef4f707a754bbcbf43f02
-
Size
249KB
-
MD5
699f1f7aaace9f5e66e41e0b2a96074e
-
SHA1
cd9b07ed916ba114fc23b7a71ea67b659b91e2a0
-
SHA256
46f6a592ad2c7f7fd7b4febd7d5945dde92b39fca05ef4f707a754bbcbf43f02
-
SHA512
470faae440b4cc5329c8e6428e566f3bac390fbd9833e5036a96797992b9f8db8e69f9c275913a9c87214ec905064ab7a03e5c6e55a82e3af6f066799f741a0f
-
XMRig Miner Payload
-
Creates new service(s)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Deletes itself
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-