General
-
Target
a88b94f5031a3c41915f61d0d391ab64ecef5f82256602e42103c86eff77b2b6
-
Size
1.6MB
-
Sample
221129-xrwwyagb43
-
MD5
839e207bb22ab8772befb8b594fdd877
-
SHA1
6f59e4010dec8418fc4018628da61c363594b133
-
SHA256
a88b94f5031a3c41915f61d0d391ab64ecef5f82256602e42103c86eff77b2b6
-
SHA512
8bdd1a56cf3ce7cffec62dbd13d04a44f285f46208e7f1664be98089e2f49fc9443df67c76231b550fd812c231a8e35e4ed5334ac8342948f9f958eeecbb06dd
-
SSDEEP
24576:dPp4UF0HA9lFSrNQOwTtndYzCs2kTIrmyfbiV6RlvesOhlam6Oayh/oHW5:dPCFecr6/TtndakLiV6nvPOr/oHo
Static task
static1
Malware Config
Targets
-
-
Target
a88b94f5031a3c41915f61d0d391ab64ecef5f82256602e42103c86eff77b2b6
-
XMRig Miner payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-