General

Target: fe5e449f4a7f459cfd24a3434aeda3b4ff6794f654186ac9f0dc63cf5bf49462
Size: 268KB
Sample: 220123-lsh6pafgh3
MD5: 80d02fdb640a9dd6d5baee4362fc5232
SHA1: 60a43d7260110c48cd256d8e23e5beb55cbb10b6
SHA256: fe5e449f4a7f459cfd24a3434aeda3b4ff6794f654186ac9f0dc63cf5bf49462
SHA512: 55d5ca89f7e559b1ce0357c0f15916c91fc29122da154cd2ccd489256779b053d7569b1ef2181501d5f98622461bfddfa7634d1eff71e860cc61f4acf8b17f55

Static task: static1

Malware Config

Extracted: tofsee
  patmushta.info
  ovicrush.cn
Targets

Target: fe5e449f4a7f459cfd24a3434aeda3b4ff6794f654186ac9f0dc63cf5bf49462
Size: 268KB
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
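The hashes and hosts in the extracted config above are the indicators a responder would pivot on. The following is an added example, not part of the sandbox report or the analysed sample, showing how to sweep constructed DNS log lines and a constructed file-hash inventory for those indicators; the log format, inventory format and file paths are assumptions made for the illustration, and the non-matching digest in the inventory is a made-up value.

```python
"""Hunt for the indicators from the report above in DNS logs and a file-hash
inventory. Added example: not part of the sandbox report or the Tofsee sample;
the log lines, inventory rows and paths below are constructed for illustration."""
from __future__ import annotations

import hashlib

# Indicators copied from the report above, keyed by hex digest length so an
# inventory that stores mixed digest types can be matched without a column
# saying which algorithm was used.
IOC_HASHES = {
    32: {"80d02fdb640a9dd6d5baee4362fc5232"},                                   # MD5
    40: {"60a43d7260110c48cd256d8e23e5beb55cbb10b6"},                           # SHA1
    64: {"fe5e449f4a7f459cfd24a3434aeda3b4ff6794f654186ac9f0dc63cf5bf49462"},   # SHA256
    128: {"55d5ca89f7e559b1ce0357c0f15916c91fc29122da154cd2ccd489256779b053"
          "d7569b1ef2181501d5f98622461bfddfa7634d1eff71e860cc61f4acf8b17f55"},  # SHA512
}
ALGO_BY_LEN = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}
IOC_DOMAINS = {"patmushta.info", "ovicrush.cn"}

# Constructed DNS log, assumed format "<timestamp> <client> <qname> <qtype>".
DNS_LOG = """\
2022-01-23T10:01:02Z 10.0.0.5 www.example.com A
2022-01-23T10:01:09Z 10.0.0.17 patmushta.info A
2022-01-23T10:01:10Z 10.0.0.17 mail.ovicrush.cn MX
2022-01-23T10:02:44Z 10.0.0.9 notovicrush.cn A
"""

# Constructed hash inventory (e.g. an EDR export), "path,hexdigest" per line.
# Paths are hypothetical; the second digest is a made-up non-matching value.
HASH_INVENTORY = r"""
C:\Users\Public\Downloads\invoice.exe,80D02FDB640A9DD6D5BAEE4362FC5232
C:\Windows\System32\notepad.exe,0123456789abcdef0123456789abcdef
C:\Users\Public\sample.bin,fe5e449f4a7f459cfd24a3434aeda3b4ff6794f654186ac9f0dc63cf5bf49462
"""


def domain_matches(qname: str) -> bool:
    """True when qname is an IOC domain or a subdomain of one. Comparing on
    label boundaries avoids the substring false positive on notovicrush.cn."""
    q = qname.lower().rstrip(".")
    return any(q == d or q.endswith("." + d) for d in IOC_DOMAINS)


def hunt_dns(log_text: str) -> list[tuple[str, str, str]]:
    """Return (timestamp, client, qname) for each query to an IOC domain."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        if domain_matches(fields[2]):
            hits.append((fields[0], fields[1], fields[2]))
    return hits


def hunt_hashes(inventory_text: str) -> list[tuple[str, str]]:
    """Return (path, algorithm) for each inventory row whose digest matches a
    report hash. Digests are lowercased first because tools differ in hex case."""
    hits = []
    for line in inventory_text.splitlines():
        if "," not in line:
            continue
        path, digest = line.rsplit(",", 1)
        digest = digest.strip().lower()
        if digest in IOC_HASHES.get(len(digest), set()):
            hits.append((path, ALGO_BY_LEN[len(digest)]))
    return hits


def check_file_bytes(data: bytes) -> list[str]:
    """Hash a file's contents with all four algorithms the report lists and
    return the names of those that match, so any one digest type suffices."""
    return [
        algo for length, algo in ALGO_BY_LEN.items()
        if hashlib.new(algo, data).hexdigest() in IOC_HASHES[length]
    ]


if __name__ == "__main__":
    for hit in hunt_dns(DNS_LOG):
        print("DNS hit:", *hit)
    for path, algo in hunt_hashes(HASH_INVENTORY):
        print(f"hash hit: {path} ({algo})")
```

Domain matching is done on label boundaries rather than by substring so that a lookalike such as notovicrush.cn is not flagged while a subdomain of a listed host is; hash matching is case-insensitive and keyed by digest length because exports from different tools rarely agree on either.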