General
Target: 7738426258.zip
Size: 226KB
Sample: 220729-l284gahbgn
MD5: 170e727154503880abee16de87b2b7c6
SHA1: b5703e38017b117f07016aa24cd5e3f8f1ff2225
SHA256: 71aed22dad72edfbde89027a6b8493823ce54b97982e2a08afc3e7b7c774ef8e
SHA512: bad9b57ffe873fe0d124ee940465e50e37d4e53f0e5ddc3cf7304c34e0503c16ca12f3f3e597da99c6b065298a233320b71290ac071127e461be72ae7fa2bc09
Static task: static1
Behavioral task: behavioral1
Sample: 408350d5ec3b95b75b24c7b37129c3b1761da78525c1cf65c561dc798f966f72.exe
Resource: win7-20220718-en

Malware Config
Extracted: tofsee
- patmushta.info
- parubey.info
Targets
Target: 408350d5ec3b95b75b24c7b37129c3b1761da78525c1cf65c561dc798f966f72
Size: 11.2MB
MD5: 0f5f585eae17de900df160d215979eb2
SHA1: 148a441b6a64b32903ff9d57da531f0d4556b3a6
SHA256: 408350d5ec3b95b75b24c7b37129c3b1761da78525c1cf65c561dc798f966f72
SHA512: 63944f2d3e6edb69f654338e3783d14a46e4776c15f044522c4040bb5c3646a487c86441d0de31f464ee4e41a3b9d851ec7b8a06f05c27d1465553536ac03ef1
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext