General
Target: 9c86c88890c2de217bbfe6d82c261d4292d7b57f6aa14a57463bc7f212bd4a77
Size: 270KB
Sample: 220124-ge76fachh7
MD5: d47105f042295c6142fd0553b9d06260
SHA1: 52d0946b688f246308b90b3d848e4cd78912283d
SHA256: 9c86c88890c2de217bbfe6d82c261d4292d7b57f6aa14a57463bc7f212bd4a77
SHA512: d2895ae35c3ba496c3b7ee31a3fe2f59ee1097525ade37efdae2b8a986caca95adb870d18aedc0cd4da2ac81b671111ef65edeed622e921a12cfa2906c697810
Static task: static1
Malware Config
Extracted: tofsee
- patmushta.info
- ovicrush.cn
Targets
Target: 9c86c88890c2de217bbfe6d82c261d4292d7b57f6aa14a57463bc7f212bd4a77
Size: 270KB
MD5: d47105f042295c6142fd0553b9d06260
SHA1: 52d0946b688f246308b90b3d848e4cd78912283d
SHA256: 9c86c88890c2de217bbfe6d82c261d4292d7b57f6aa14a57463bc7f212bd4a77
SHA512: d2895ae35c3ba496c3b7ee31a3fe2f59ee1097525ade37efdae2b8a986caca95adb870d18aedc0cd4da2ac81b671111ef65edeed622e921a12cfa2906c697810
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext