General
Target: 77de9b20cf3371f1fbf156b7628cbe845f688c155f28cc6d28420541f64177f3
Size: 268KB
Sample: 220123-vhkq7sgcb7
MD5: f31527eb112262f12f4ab1c7339f36c3
SHA1: f99f2c3753ab39820ad2bb52b6e568b1fa0c2321
SHA256: 77de9b20cf3371f1fbf156b7628cbe845f688c155f28cc6d28420541f64177f3
SHA512: 104ec158fd1aa9be2ce3b8b703445268724697011c27e044da54bcaa116ecb6e3509c2b8adc8e95d54e750d2af094eb06330f847e67eb6e5bba5003ecad27439
Static task: static1
Malware Config
Extracted
tofsee
patmushta.info
ovicrush.cn
Targets
Target: 77de9b20cf3371f1fbf156b7628cbe845f688c155f28cc6d28420541f64177f3
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext