General
- Target: 557b36d84494dbe4e0a20ac3ecdfbdf0a47a10255724d37313fc7a25aea2260b
- Size: 171KB
- Sample: 220504-pqmmwagdeq
- MD5: b2983dc6d009875de6e6e97be5779db0
- SHA1: 11fd9f1b527eae215d51865dee19b3dceabd918c
- SHA256: 557b36d84494dbe4e0a20ac3ecdfbdf0a47a10255724d37313fc7a25aea2260b
- SHA512: bbc86e6e5895c9ce90edde8c70178b70017891156929534d7ff7dabd0f435a0ee68863c95e888d3aaffef9efa3ac265c7e574715eb85e52c1c6ca970da546cea
Static task: static1
Malware Config
Targets
- suricata: ET MALWARE Observed Zingo/GinzoStealer CnC Domain (nominally .ru in TLS SNI)
- XMRig Miner Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Possible privilege escalation attempt
- Stops running service(s)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Modifies file permissions
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext