General
Target: 066934ec28c4b0fd1d7c04084208ede645197972b34cdedd27ba980f13f5d642
Size: 281KB
Sample: 220124-t62h7affd6
MD5: 4618a8609491c33871becf7be481067d
SHA1: c2d0b94eededf7a386d67e37c7ae2fb985af528e
SHA256: 066934ec28c4b0fd1d7c04084208ede645197972b34cdedd27ba980f13f5d642
SHA512: b34ec92f725928a74f427088afda8966941ee9f6140b583cdc1c61e877dca0ecdabe58541cbce12f28555e4659a00fbb3f58f1c6b575231271482d88469cec47
Static task: static1

Malware Config
Extracted
Family: tofsee
C2: patmushta.info
C2: ovicrush.cn
Targets
Target: 066934ec28c4b0fd1d7c04084208ede645197972b34cdedd27ba980f13f5d642 (281KB; MD5, SHA1, SHA256 and SHA512 as listed under General)

Signatures
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext
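The signature list above maps directly onto endpoint telemetry. The Python below is an added example (it is not part of the sandbox report and not the sample's own code) that runs five of those behaviours as detection rules over constructed Sysmon-style event lines: a file dropped into System32 by a process outside it, an ImagePath value written under the Services key (how a new service's binary is registered), execution of a previously dropped file, a netsh firewall change, and a self-delete via cmd.exe. The log, the service name wkpzqds and every path in it are placeholders invented for this example and are not indicators from this sample; the XMRig payload and SetThreadContext signatures are not covered because they need memory or API-level telemetry rather than these event types.

```python
"""Flag Tofsee-style behaviours from the report over Sysmon-like event lines.

Added example, not part of the sandbox report. Event lines are field=value
records loosely modelled on Sysmon event IDs 1 (process create), 11 (file
create) and 13 (registry value set). All names and paths are constructed.
"""
import re

# Constructed telemetry: one event per line, ordered as the sample might behave.
SAMPLE_LOG = r"""
eid=11 image=C:\Users\lab\sample.exe target=C:\Windows\System32\wkpzqds.exe
eid=13 image=C:\Users\lab\sample.exe target=HKLM\SYSTEM\CurrentControlSet\Services\wkpzqds\ImagePath details=C:\Windows\System32\wkpzqds.exe
eid=1 image=C:\Windows\System32\services.exe child=C:\Windows\System32\wkpzqds.exe
eid=1 image=C:\Windows\System32\wkpzqds.exe child=C:\Windows\System32\netsh.exe cmdline="netsh advfirewall firewall add rule name=Host dir=in action=allow program=C:\Windows\System32\wkpzqds.exe"
eid=1 image=C:\Users\lab\sample.exe child=C:\Windows\System32\cmd.exe cmdline="cmd.exe /c del C:\Users\lab\sample.exe"
eid=1 image=C:\Windows\explorer.exe child=C:\Windows\System32\notepad.exe
eid=11 image=C:\Windows\System32\svchost.exe target=C:\Windows\Temp\cache.tmp
"""

# key=value or key="value with spaces"
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Service binary registration: HKLM\SYSTEM\CurrentControlSet\Services\<name>\ImagePath
SERVICE_KEY_RE = re.compile(
    r'^HKLM\\SYSTEM\\CurrentControlSet\\Services\\[^\\]+\\ImagePath$', re.I)
# "del <path>" at the end of a command line (lower-cased before matching)
DEL_RE = re.compile(r'\bdel\s+"?([^"]+?)"?\s*$')
SYSTEM32 = 'c:\\windows\\system32\\'


def parse_line(line):
    """Turn one field=value line into a dict (quoted values keep their spaces)."""
    return {k: (q if q else u) for k, q, u in FIELD_RE.findall(line)}


def detect(log_text):
    """Return {rule_name: [1-based event line numbers]} for the rules that fired."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    hits = {}
    dropped = set()  # files created so far, for the dropped-EXE correlation

    def flag(rule, n):
        hits.setdefault(rule, []).append(n)

    for n, ev in enumerate(events, 1):
        eid = ev.get('eid')
        image = ev.get('image', '').lower()
        if eid == '11':
            target = ev.get('target', '').lower()
            dropped.add(target)
            # a process living outside System32 writing into System32
            if target.startswith(SYSTEM32) and not image.startswith(SYSTEM32):
                flag('drops_file_in_system32', n)
        elif eid == '13':
            if SERVICE_KEY_RE.match(ev.get('target', '')):
                flag('sets_service_image_path', n)
        elif eid == '1':
            child = ev.get('child', '').lower()
            cmd = ev.get('cmdline', '').lower()
            if child in dropped:
                flag('executes_dropped_exe', n)
            if child.endswith('\\netsh.exe') and 'firewall' in cmd:
                flag('modifies_windows_firewall', n)
            m = DEL_RE.search(cmd)
            # the parent deleting its own image on disk
            if m and m.group(1) == image:
                flag('deletes_itself', n)
    return hits


if __name__ == '__main__':
    for rule, lines in sorted(detect(SAMPLE_LOG).items()):
        print(f'{rule}: event line(s) {lines}')
```

The dropped-EXE rule is the only one that needs state across events; in a real pipeline that set would be keyed by host and aged out, and the System32 rule would also whitelist installers and Windows servicing processes that legitimately write there.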