General
- Target: Iqqsqekw.exe
- Size: 567KB
- Sample: 230327-a9gteaag67
- MD5: 08c102c70a4ed360d28b0d327665dde3
- SHA1: 38807c8adb216a23a0c5779f588348f8feaf455e
- SHA256: c0f8680cf2c86e01c093eb988a77b9506c4c46c35e338de762af3ec1e40b9cc7
- SHA512: 87f4211808fdb2c5710afb840a8e3c6652cd40e6027ab6baf51cd600dd200d0064c5c945e185d08c7154d0774093b18e21d70059780da64a86c5639ee0474ec6
- SSDEEP: 12288:oIXjzItkb1oh4+ZrJL7a6SDwKzhi7koikgqfmgJvLdz:oKzIty1J+tJ7OP5oikgqfZD
Static task: static1
Behavioral task: behavioral1
- Sample: Iqqsqekw.exe
- Resource: win7-20230220-en
Malware Config
Targets
- Target: Iqqsqekw.exe
- Size: 567KB
- MD5: 08c102c70a4ed360d28b0d327665dde3
- SHA1: 38807c8adb216a23a0c5779f588348f8feaf455e
- SHA256: c0f8680cf2c86e01c093eb988a77b9506c4c46c35e338de762af3ec1e40b9cc7
- SHA512: 87f4211808fdb2c5710afb840a8e3c6652cd40e6027ab6baf51cd600dd200d0064c5c945e185d08c7154d0774093b18e21d70059780da64a86c5639ee0474ec6
- SSDEEP: 12288:oIXjzItkb1oh4+ZrJL7a6SDwKzhi7koikgqfmgJvLdz:oKzIty1J+tJ7OP5oikgqfZD
- XMRig Miner payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext