General
Target: 691a09c48c600ffd2b2c56edc2075240e2db8c48e082f4b8f27505a75f42ddbe
Size: 268KB
Sample: 220123-yt22eagdf4
MD5: 8d7411cbca493d3ef196581219bfb427
SHA1: 9d641c21e7eb76d6b8792e1aee5f3191e0af3dd3
SHA256: 691a09c48c600ffd2b2c56edc2075240e2db8c48e082f4b8f27505a75f42ddbe
SHA512: ced581dc83730c249e92864c77c9b227364518f696b361098d18a66c0ef46ae4cf219e1eb055c258735920fc13787a4128f048ab78a141729cadc6254f9c98e8

Static task: static1

Malware Config
Extracted family: tofsee
Domains in extracted config:
- patmushta.info
- ovicrush.cn
Targets
Target: 691a09c48c600ffd2b2c56edc2075240e2db8c48e082f4b8f27505a75f42ddbe
Size: 268KB
MD5: 8d7411cbca493d3ef196581219bfb427
SHA1: 9d641c21e7eb76d6b8792e1aee5f3191e0af3dd3
SHA256: 691a09c48c600ffd2b2c56edc2075240e2db8c48e082f4b8f27505a75f42ddbe
SHA512: ced581dc83730c249e92864c77c9b227364518f696b361098d18a66c0ef46ae4cf219e1eb055c258735920fc13787a4128f048ab78a141729cadc6254f9c98e8

Signatures
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Drops file in System32 directory
- Suspicious use of SetThreadContext