General
Target: e362536e25dbb82c5594a85eccd8b273c34f22412b8e43e2fb56404850b7f944
Size: 270KB
Sample: 220124-elgkysbef2
MD5: f5befb91c1b9c3c159e444c8eab701c4
SHA1: 4c9ef855fb52431800c8b9c727f5d0078952d010
SHA256: e362536e25dbb82c5594a85eccd8b273c34f22412b8e43e2fb56404850b7f944
SHA512: 397f819c94b230be70c70004a5e5a70667e122ce01f897f97aa1abef18e248d944b99da07fbcc05b912c2b2a31368601798a78dd12434babd1eb57fbdab5385a
Static task: static1

Malware Config
Extracted family: tofsee
C2: patmushta.info
C2: ovicrush.cn
Targets
Target: e362536e25dbb82c5594a85eccd8b273c34f22412b8e43e2fb56404850b7f944 (270KB; MD5, SHA1, SHA256 and SHA512 as listed under General above)

Signatures
- XMRig Miner Payload (an XMRig cryptominer is carried as a payload)
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry (ImagePath under HKLM\SYSTEM\CurrentControlSet\Services, i.e. service-based persistence)
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext (rewriting another thread's context, the API step typical of process hollowing and code injection)
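The indicators (hashes, extracted Tofsee domains) and the behaviour signatures above are most useful once they are turned into a check a responder can run against host telemetry. The block below is an added example, not part of the sandbox report and not the sandbox's own signature logic: it copies the report's hashes and domains as indicators, and maps each signature name to an assumed rule over Sysmon-like records (EventID 1 process create with a `Hashes` field in Sysmon's `ALG=hex,ALG=hex` form, 11 file create, 13 registry value set, 22 DNS query) plus a made-up `Api` record standing in for an API-monitor trace of `SetThreadContext`. The telemetry in `SAMPLE_EVENTS` is constructed for the example; the XMRig rule is a command-line heuristic (`stratum+tcp://`, `--donate-level`), not the sandbox's payload detection.

```python
import hashlib
import re

# Indicators copied from the report above.
SAMPLE_HASHES = {
    "md5": "f5befb91c1b9c3c159e444c8eab701c4",
    "sha1": "4c9ef855fb52431800c8b9c727f5d0078952d010",
    "sha256": "e362536e25dbb82c5594a85eccd8b273c34f22412b8e43e2fb56404850b7f944",
    "sha512": "397f819c94b230be70c70004a5e5a70667e122ce01f897f97aa1abef18e248d9"
              "44b99da07fbcc05b912c2b2a31368601798a78dd12434babd1eb57fbdab5385a",
}
C2_DOMAINS = {"patmushta.info", "ovicrush.cn"}   # extracted Tofsee config

def hashes_of(data: bytes) -> dict:
    """Lower-case hex digests of a byte string, keyed like SAMPLE_HASHES."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in SAMPLE_HASHES}

def parse_hashes(field: str) -> dict:
    """Parse Sysmon's 'SHA256=...,MD5=...' Hashes field into a lower-case dict."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            alg, hexval = part.split("=", 1)
            out[alg.strip().lower()] = hexval.strip().lower()
    return out

def matches_sample(digests: dict) -> bool:
    """True when every algorithm present in `digests` equals the report's value."""
    digests = {k.lower(): v.lower() for k, v in digests.items()}
    common = [a for a in digests if a in SAMPLE_HASHES]
    return bool(common) and all(digests[a] == SAMPLE_HASHES[a] for a in common)

def domain_is_c2(name: str) -> bool:
    """Exact or subdomain match against the extracted C2 domains."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in C2_DOMAINS)

# Behaviour rules: assumed mappings from the report's signature names.
SERVICE_IMAGEPATH = re.compile(
    r"^HKLM\\SYSTEM\\(CurrentControlSet|ControlSet\d+)\\Services\\[^\\]+\\ImagePath$", re.I)
SYSTEM32 = re.compile(r"^C:\\Windows\\System32\\", re.I)
SC_CREATE = re.compile(r"\bsc(\.exe)?\s+create\b", re.I)
FIREWALL = re.compile(r"\bnetsh(\.exe)?\s+(advfirewall|firewall)\b", re.I)
XMRIG_ARGS = re.compile(r"stratum\+tcp://|--donate-level|\bxmrig\b", re.I)

def triage(events: list) -> list:
    """Walk telemetry in order; return (event index, signature) pairs."""
    findings = []
    dropped = set()   # files written so far, to spot "Executes dropped EXE"
    for i, ev in enumerate(events):
        eid = ev.get("EventID")
        if eid == 1:
            image, cmd = ev.get("Image", ""), ev.get("CommandLine", "")
            if matches_sample(parse_hashes(ev.get("Hashes", ""))):
                findings.append((i, "Sample executed (hash match)"))
            if image.lower() in dropped:
                findings.append((i, "Executes dropped EXE"))
            if SC_CREATE.search(cmd):
                findings.append((i, "Creates new service(s)"))
            if FIREWALL.search(cmd):
                findings.append((i, "Modifies Windows Firewall"))
            if XMRIG_ARGS.search(cmd):
                findings.append((i, "XMRig Miner Payload"))
            parent = ev.get("ParentImage", "")
            # a child shell that deletes the parent's own image path
            if parent and re.search(r"\bdel\b", cmd, re.I) and parent.lower() in cmd.lower():
                findings.append((i, "Deletes itself"))
        elif eid == 11:
            target = ev.get("TargetFilename", "")
            dropped.add(target.lower())
            if SYSTEM32.match(target):
                findings.append((i, "Drops file in System32 directory"))
        elif eid == 13 and SERVICE_IMAGEPATH.match(ev.get("TargetObject", "")):
            findings.append((i, "Sets service image path in registry"))
        elif eid == 22 and domain_is_c2(ev.get("QueryName", "")):
            findings.append((i, "Tofsee C2 domain lookup"))
        elif ev.get("Api") == "SetThreadContext" and ev.get("TargetPid") != ev.get("Pid"):
            findings.append((i, "Suspicious use of SetThreadContext"))
    return findings

# Constructed telemetry for the example (not from the sandbox run).
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\u\Desktop\sample.exe",
     "CommandLine": r"C:\Users\u\Desktop\sample.exe",
     "Hashes": "SHA256=" + SAMPLE_HASHES["sha256"].upper()},
    {"EventID": 11, "TargetFilename": r"C:\Windows\System32\svcupd.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Users\u\Desktop\sample.exe",
     "CommandLine": r'cmd /c sc create svcupd binPath= "C:\Windows\System32\svcupd.exe" start= auto'},
    {"EventID": 13, "TargetObject": r"HKLM\SYSTEM\CurrentControlSet\Services\svcupd\ImagePath"},
    {"EventID": 1, "Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": r'netsh advfirewall firewall add rule name="svcupd" dir=in action=allow program="C:\Windows\System32\svcupd.exe"'},
    {"EventID": 1, "Image": r"C:\Windows\System32\svcupd.exe", "CommandLine": r"C:\Windows\System32\svcupd.exe"},
    {"Api": "SetThreadContext", "Pid": 4120, "TargetPid": 4388},
    {"EventID": 22, "QueryName": "patmushta.info"},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Users\u\Desktop\sample.exe",
     "CommandLine": r'cmd /c ping 127.0.0.1 -n 3 & del "C:\Users\u\Desktop\sample.exe"'},
]

if __name__ == "__main__":
    for idx, sig in triage(SAMPLE_EVENTS):
        print(f"event {idx}: {sig}")
```

The rules are deliberately per-event except for "Executes dropped EXE", which needs the file-create history; in real telemetry you would also key that state by process and session so an unrelated installer's files are not attributed to the sample. Hash matching only proves this exact file; a repacked Tofsee dropper with the same C2 domains would be caught by the DNS rule, not by the digests.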