General
- Target: 5e89a9366b2c4fd17aa972a03b08a5a9a54fdc9499081b35ec1f162adf70d997
- Size: 267KB
- Sample: 220123-nmzmlagab4
- MD5: 3adaacd89eab091b9e850985ed9c7f53
- SHA1: 5d7c0007a1f503824b18ae8f6b56fd6a8b9235b1
- SHA256: 5e89a9366b2c4fd17aa972a03b08a5a9a54fdc9499081b35ec1f162adf70d997
- SHA512: 4f3654d9da122c3af195f403568bc1ad433c7958e07e8b9fff0d0b30abb986f2985c6326a3bfcf17275ad6051327c9da9b5182fa7bd2aab7140f5f2175b6af36
Static task: static1
Malware Config
- Extracted: tofsee
- patmushta.info
- ovicrush.cn
Targets
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext