General
Target: cee6d553b6dcb65b864b7f7e4a551234b1cd401f7ea3fffe363494eda0ef7e7f
Size: 281KB
Sample: 220124-szf38sfcb6
MD5: e882244fad65c861b9f902fca17d2295
SHA1: 6783d4c1cccb49740faa9828c706ed7e659f1f08
SHA256: cee6d553b6dcb65b864b7f7e4a551234b1cd401f7ea3fffe363494eda0ef7e7f
SHA512: 04e0cc6bd7f18f83696198ded014126af17b5100625fbde4d0fcb51ed4343259f3b4e97432c2536d675299920c70ee49a71b063c03de08ab8c91a1c274274cf7
Static task: static1

Malware Config
Extracted: tofsee
patmushta.info
ovicrush.cn

Targets
Target: cee6d553b6dcb65b864b7f7e4a551234b1cd401f7ea3fffe363494eda0ef7e7f
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext