General
Target: 0d9fd0e698d432befd763401bc832d2b59ad3b3386d97294911903c8c6bf781f
Size: 268KB
Sample: 220123-rcc8dsgafm
MD5: 5ef3d2b02557c77e705f22aa0fceffaf
SHA1: 6d26cf5610f1fe8f08f8fa758bd11168c42ae147
SHA256: 0d9fd0e698d432befd763401bc832d2b59ad3b3386d97294911903c8c6bf781f
SHA512: 450dae8af140be9d2a9123276a6ce5f63b1bd227fc1eee9bf34cde078b4f3423b2fc1f146f8f3255a83bcf5408e55ab46dc5108d18196f14d666884d088cca14

Static task: static1

Malware Config
Extracted: tofsee
- patmushta.info
- ovicrush.cn
Targets
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext