General
Target: 1ced3f4932a14a0f67ea832568338d6f1279b075891b3f518f5856917c9770d0
Size: 268KB
Sample: 220123-wqwdcagcg9
MD5: cbb34b0318975fd79e588831b6b86f15
SHA1: 685701474cba0e1a1cf2ee21a19dc56b8d00ca4d
SHA256: 1ced3f4932a14a0f67ea832568338d6f1279b075891b3f518f5856917c9770d0
SHA512: 690bc542b8b0d96947e240afc6a93da3c50f3f97233f68da5a04aba33a5554fde5670e6bf610263d9cf645c444a37276938322d86e46ab4c937a90d18466b8e4

Static task: static1

Malware Config
Extracted: tofsee
patmushta.info
ovicrush.cn
Targets
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext