General
- Target: cca7e4d4b8f7b7f40d8492d2dc8a224d22630a3a51d9ddbff39bc9db12ca5ad3
- Size: 267KB
- Sample: 220123-mva4jafher
- MD5: 0dd37e331ca230ccfb13a7c4b5509d6e
- SHA1: bba35d4df7631d0101c78cbd208ae35138a8ee6e
- SHA256: cca7e4d4b8f7b7f40d8492d2dc8a224d22630a3a51d9ddbff39bc9db12ca5ad3
- SHA512: dd6f68492bf20edf781b009fd202f8ebc154c0f026487895c36a69f197956f9aacdd49391b77288262c16b4c3375242fe00cfe64fb70929a968f402862eb15ae
Static task: static1
Malware Config
Extracted: tofsee
- patmushta.info
- ovicrush.cn
Targets
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext