General
Target: fa50231fb74e77f409b56b859dec8b96e82c8a57986c2657f8f64cbe1764c7a5
Size: 281KB
Sample: 220124-tbjpwsfcg3
MD5: 0f1f64ffc74f34685bc5a3a617dada5a
SHA1: f748e154b28ce6bf4dfa6943f8153c0c044bf2c6
SHA256: fa50231fb74e77f409b56b859dec8b96e82c8a57986c2657f8f64cbe1764c7a5
SHA512: 8b6df5379df6834ef6b7af28e2576f7dafb6c7b7c8190a386b4d2b03c66f1ec290aba5fcdda63461ba3294bb4e20f1bfff64ef7dff5381c877b571ae641c1cbc
Static task: static1
Malware Config
Extracted: tofsee
Hosts (from the extracted tofsee configuration): patmushta.info, ovicrush.cn
Targets
Target: fa50231fb74e77f409b56b859dec8b96e82c8a57986c2657f8f64cbe1764c7a5 (281KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures:
- XMRig Miner Payload (an XMRig cryptocurrency miner was identified among the sample's payloads)
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry (the ImagePath value under the service's registry key, which names the binary the Service Control Manager starts)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext (a call pattern commonly seen when a thread is redirected into injected code)
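The hashes, hosts and behaviours above are what a responder would hunt for on other hosts. As an added example, not code from the sandbox report or from the malware's own tooling, the Python helper below takes the report's digests and hosts, hashes candidate files, and scans plain-text log lines for the two hosts, for writes to a service ImagePath registry value, and for netsh firewall rule additions. The sample log lines, the service name svcupdt and the netsh pattern are constructed assumptions for illustration; the report does not state which command the sample uses to change the firewall, so that check is a generic heuristic rather than a signature of this sample.

```python
"""Triage helper built from the indicators in the report above.

Added example, not part of the sandbox report. The hashes and hosts are copied
from the report; the log lines and service name are constructed for illustration.
"""
import hashlib
import re

# Indicators copied from the report.
IOC_HASHES = {
    "md5": "0f1f64ffc74f34685bc5a3a617dada5a",
    "sha1": "f748e154b28ce6bf4dfa6943f8153c0c044bf2c6",
    "sha256": "fa50231fb74e77f409b56b859dec8b96e82c8a57986c2657f8f64cbe1764c7a5",
    "sha512": "8b6df5379df6834ef6b7af28e2576f7dafb6c7b7c8190a386b4d2b03c66f1ec2"
              "90aba5fcdda63461ba3294bb4e20f1bfff64ef7dff5381c877b571ae641c1cbc",
}
IOC_HOSTS = {"patmushta.info", "ovicrush.cn"}
ALGS = ("md5", "sha1", "sha256", "sha512")


def digest_bytes(data: bytes) -> dict:
    """Hex digests of an in-memory blob, one per algorithm in ALGS."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGS}


def digest_file(path) -> dict:
    """Hex digests of a file, read in 1 MiB chunks so file size does not matter."""
    hashers = {alg: hashlib.new(alg) for alg in ALGS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def match_hashes(digests: dict) -> set:
    """Algorithms whose digest equals the report's value (case-insensitive)."""
    return {alg for alg, hexval in digests.items()
            if IOC_HASHES.get(alg) == hexval.lower()}


# "Sets service image path in registry": the value that names a service binary.
# Legitimate installers write it too, so treat a hit as a correlation point.
SERVICE_IMAGEPATH_RE = re.compile(
    r"\\SYSTEM\\CurrentControlSet\\Services\\([^\\\s]+)\\ImagePath\b", re.I)

# "Modifies Windows Firewall": the report does not say how the sample does it;
# matching netsh rule additions is an assumed, generic heuristic.
NETSH_FW_RE = re.compile(
    r"\bnetsh(?:\.exe)?\b.*\badvfirewall\b.*\badd\s+rule\b", re.I)

# Extracted hosts, including their subdomains, but not look-alikes such as
# "xpatmushta.info" or "patmushta.infosec.example".
HOST_RE = re.compile(
    r"(?<![\w-])(" + "|".join(map(re.escape, sorted(IOC_HOSTS))) + r")(?![\w-])",
    re.I)


def scan_lines(lines):
    """Yield (line_no, indicator, evidence) for each matching log line.

    Lines are matched as plain text, so DNS logs, Sysmon/EDR events exported
    as text and shell history can all be fed in without a parser per source.
    """
    for n, line in enumerate(lines, start=1):
        if m := HOST_RE.search(line):
            yield n, "extracted_host", m.group(1).lower()
        if m := SERVICE_IMAGEPATH_RE.search(line):
            yield n, "service_imagepath", m.group(1)
        if NETSH_FW_RE.search(line):
            yield n, "firewall_rule_add", line.strip()


def triage(paths, lines) -> dict:
    """Hash each path and scan the log lines; return both result sets."""
    hashes = {}
    for p in paths:
        hit = match_hashes(digest_file(p))
        if hit:
            hashes[str(p)] = sorted(hit)
    return {"hash_matches": hashes, "log_hits": list(scan_lines(lines))}


# Constructed telemetry, not from the report: a DNS query for an extracted
# host, a look-alike domain, a service ImagePath write, a netsh rule add and an
# unrelated netsh command. The service name "svcupdt" is invented.
SAMPLE_LOG = """\
2022-01-24T10:00:01Z dns client=10.0.0.5 query=patmushta.info type=A
2022-01-24T10:00:02Z dns client=10.0.0.5 query=patmushta.infosec.example type=A
2022-01-24T10:00:03Z registry SetValue HKLM\\SYSTEM\\CurrentControlSet\\Services\\svcupdt\\ImagePath Details=C:\\Windows\\System32\\svcupdt.exe
2022-01-24T10:00:04Z process cmd="netsh advfirewall firewall add rule name=svcupdt dir=in action=allow program=C:\\Windows\\System32\\svcupdt.exe"
2022-01-24T10:00:05Z process cmd="netsh interface show interface"
""".splitlines()

if __name__ == "__main__":
    for hit in triage([], SAMPLE_LOG)["log_hits"]:
        print(*hit)
```

Only the hash and host matches are specific to this sample; the ImagePath and netsh hits are noisy on their own and are meant to be correlated with a hash or host hit, or with a file newly dropped into System32, before anyone acts on them.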