General
Target: 28500371a121fbec1892189f8dcf5ad3e29db577b3d538d15276b23e17b15f7b
Size: 267KB
Sample: 220123-tccyqsgbf7
MD5: 99975cc20d85acc9b2bf2d199069a123
SHA1: 6fb4e06db0107fc7609595c2562f60e4072d61fe
SHA256: 28500371a121fbec1892189f8dcf5ad3e29db577b3d538d15276b23e17b15f7b
SHA512: 08195ad5890628b071bf1aa7cf6dd0e3acf95fc5acfd614126f4a33c36147cc0f8122ea416729a7efb5ee537e97f16f7ff32d2e129af6f43818d1da9ae8f9d1e
Static task: static1

Malware Config
Extracted: tofsee
patmushta.info
ovicrush.cn
Targets
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of SetThreadContext