General
Target: 0dd9362487be176ec1a0ef4f38e681c9c39d2357f067590d9a3ae84434f6700a
Size: 281KB
Sample: 220124-ne3z2sede9
MD5: df9b21ea58142ed21013491efd647fda
SHA1: 08f21a4ef8c481c38e9019a826ee963649c821a2
SHA256: 0dd9362487be176ec1a0ef4f38e681c9c39d2357f067590d9a3ae84434f6700a
SHA512: 19c890b26e100a9dd3407440c1073111d935178a6830ac4066221d84f17c233269522701e25a13d75b77779f8d1431d2eab96101ab864c2427718fa4080d7731

Static task: static1

Malware Config
Extracted: tofsee
patmushta.info
ovicrush.cn

Targets
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of SetThreadContext