General

Target: skqrzrsh.exe
Size: 12.1MB
Sample: 220808-qcmldsbacr
MD5: 5906ac14bc45a1f39cb9eb790a1d3b27
SHA1: 9dd7593f1f478bce269d1eccf94b44113c8d708a
SHA256: de5704d6579398a4b51f7458c105759c46096567661a26bffe1159ef11a16eb8
SHA512: 8f4c8bc4e2a2433fa93062d9592f434ada2ec4ec7cd0f3f19a1a94011f4ad13d61a906fcce65687af55870e82f25fa1def931438fbe04394e95de993d2361b7b
Static task: static1
Behavioral task: behavioral1
Sample: skqrzrsh.exe
Resource: win7-20220718-en

Malware Config

Extracted family: tofsee
C2: patmushta.info, ovicrush.cn
Targets

Target: skqrzrsh.exe
Size: 12.1MB
MD5: 5906ac14bc45a1f39cb9eb790a1d3b27
SHA1: 9dd7593f1f478bce269d1eccf94b44113c8d708a
SHA256: de5704d6579398a4b51f7458c105759c46096567661a26bffe1159ef11a16eb8
SHA512: 8f4c8bc4e2a2433fa93062d9592f434ada2ec4ec7cd0f3f19a1a94011f4ad13d61a906fcce65687af55870e82f25fa1def931438fbe04394e95de993d2361b7b
Signatures

- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext
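The behaviours and indicators above translate directly into host-side detection. The following Python is an added example (not part of the sandbox report and not the analyst's tooling): it correlates Sysmon-style events per process against the report's SHA256 and C2 domains and against the listed behaviours (service ImagePath written in the registry, file dropped under System32, firewall modified, C2 domain resolved). The events, PIDs and the service name `hypsvc` are constructed for the example, the event schema is a simplified stand-in for Sysmon, and the assumption that the firewall is modified through `netsh advfirewall firewall add rule` is the example's own; the report only states that the firewall is modified.

```python
"""Correlate constructed Sysmon-style events against the Tofsee report's
indicators and behaviours. Added example; only the SHA256 and C2 domains
come from the report, everything else (PIDs, paths, service name) is made up."""
import re
from collections import defaultdict

# Indicators taken from the report.
TOFSEE_SHA256 = {"de5704d6579398a4b51f7458c105759c46096567661a26bffe1159ef11a16eb8"}
TOFSEE_C2 = {"patmushta.info", "ovicrush.cn"}

# Patterns for the behaviours listed under Signatures.
SERVICE_IMAGEPATH_RE = re.compile(r"\\Services\\[^\\]+\\ImagePath$", re.IGNORECASE)
SYSTEM32_RE = re.compile(r"^[a-z]:\\Windows\\System32\\", re.IGNORECASE)
# Assumption: the firewall change is made via netsh; the report does not say how.
FIREWALL_ADD_RE = re.compile(r"\badvfirewall\s+firewall\s+add\s+rule\b", re.IGNORECASE)

# Constructed events (NOT captured from the sample). "pid" is the acting
# process; process_create events also carry the "ppid" that spawned them.
# The service name "hypsvc" is hypothetical.
SAMPLE_EVENTS = [
    {"type": "process_create", "pid": 1204, "ppid": 700,
     "image": r"C:\Users\victim\AppData\Local\Temp\skqrzrsh.exe",
     "sha256": "de5704d6579398a4b51f7458c105759c46096567661a26bffe1159ef11a16eb8",
     "cmdline": "skqrzrsh.exe"},
    {"type": "file_create", "pid": 1204, "path": r"C:\Windows\System32\hypsvc.exe"},
    {"type": "registry_set", "pid": 1204,
     "key": r"HKLM\SYSTEM\CurrentControlSet\Services\hypsvc\ImagePath",
     "data": r"C:\Windows\System32\hypsvc.exe"},
    {"type": "process_create", "pid": 1310, "ppid": 1204,
     "image": r"C:\Windows\System32\netsh.exe", "sha256": "",
     "cmdline": 'netsh advfirewall firewall add rule name="hypsvc" dir=in '
                'action=allow program="C:\\Windows\\System32\\hypsvc.exe"'},
    {"type": "dns_query", "pid": 1204, "query": "patmushta.info"},
    # Benign noise from another process, should not be flagged.
    {"type": "dns_query", "pid": 900, "query": "www.example.com"},
    {"type": "file_create", "pid": 900, "path": r"C:\Users\victim\Documents\notes.txt"},
]


def signatures_for(ev):
    """Return (actor_pid, signature) pairs triggered by one event."""
    hits = []
    t = ev["type"]
    if t == "process_create":
        if ev.get("sha256", "").lower() in TOFSEE_SHA256:
            hits.append((ev["pid"], "Known Tofsee sample (SHA256 match)"))
        # A netsh child is the parent's behaviour, so attribute it to ppid.
        if FIREWALL_ADD_RE.search(ev.get("cmdline", "")):
            hits.append((ev.get("ppid", ev["pid"]), "Modifies Windows Firewall"))
    elif t == "registry_set" and SERVICE_IMAGEPATH_RE.search(ev["key"]):
        hits.append((ev["pid"], "Sets service image path in registry"))
    elif t == "file_create" and SYSTEM32_RE.match(ev["path"]):
        hits.append((ev["pid"], "Drops file in System32 directory"))
    elif t == "dns_query" and ev["query"].lower().rstrip(".") in TOFSEE_C2:
        hits.append((ev["pid"], "Resolves Tofsee C2 domain"))
    return hits


def correlate(events):
    """Group distinct signature hits by acting process."""
    by_pid = defaultdict(set)
    for ev in events:
        for pid, sig in signatures_for(ev):
            by_pid[pid].add(sig)
    return {pid: sorted(sigs) for pid, sigs in by_pid.items()}


def verdict(events, min_hits=3):
    """Processes that tripped at least min_hits distinct signatures."""
    return {pid: sigs for pid, sigs in correlate(events).items() if len(sigs) >= min_hits}


if __name__ == "__main__":
    for pid, sigs in verdict(SAMPLE_EVENTS).items():
        print(f"pid {pid}: {len(sigs)} signatures")
        for s in sigs:
            print("  -", s)
```

The per-process threshold matters more than any single rule: a service ImagePath write or a System32 drop is routine for installers, and only the combination with firewall tampering and a known C2 lookup from the same process tree makes the verdict reliable. Hash matching is the weakest indicator, since a repacked Tofsee build changes every hash while keeping the same behaviours.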