General

Target: 40fe2e71e8a2b1dacda5bfdd2e718281cadfb2fca96286bb617ed16183a4bb31
Size: 267KB
Sample: 220123-n2bt3sgac3
MD5: 9e4eb301978e7ea27f07010af775b19c
SHA1: a9177d777d109264e4ab11f9e8ed6fb1b6ebefee
SHA256: 40fe2e71e8a2b1dacda5bfdd2e718281cadfb2fca96286bb617ed16183a4bb31
SHA512: 01406a90ba18e331c76f1dbc1074e9d27f1913d4727eee02d7803a64621e9bf4b4f31f23f3f4ff8451c2776ccf2290d7c72c9b470cddd585916045840be0e75e

Static task: static1

Malware Config

Extracted: tofsee
  patmushta.info
  ovicrush.cn
Targets

Target: 40fe2e71e8a2b1dacda5bfdd2e718281cadfb2fca96286bb617ed16183a4bb31
Size: 267KB
MD5: 9e4eb301978e7ea27f07010af775b19c
SHA1: a9177d777d109264e4ab11f9e8ed6fb1b6ebefee
SHA256: 40fe2e71e8a2b1dacda5bfdd2e718281cadfb2fca96286bb617ed16183a4bb31
SHA512: 01406a90ba18e331c76f1dbc1074e9d27f1913d4727eee02d7803a64621e9bf4b4f31f23f3f4ff8451c2776ccf2290d7c72c9b470cddd585916045840be0e75e

Behaviour observed for this target:
  - XMRig Miner Payload
  - Creates new service(s)
  - Executes dropped EXE
  - Modifies Windows Firewall
  - Sets service image path in registry
  - Deletes itself
  - Drops file in System32 directory
  - Suspicious use of SetThreadContext