General

Target: sgm_t.bin
Size: 299KB
Sample: 201123-kdn6xnkg5s
MD5: 872c5764f727793bb1bf37a3b2f1a9d0
SHA1: 2e6060208d6ff05ab3b081ed74a92c7946df5637
SHA256: d411cee3b925242bbde268dec51fd8ab9e5228ee7a068f9429b3280e110b9a1b
SHA512: 187261920df3b35da781ecd5e6c2599b0b57456dd07afa0c87296ac774b52c532e2b469b1b96ab0c4fa8136e08025df91cad60838d4be197b3e2c6493270a1a0
Static task
static1

Behavioral task
behavioral1
Sample: sgm_t.bin.exe
Resource: win7v20201028
Malware Config

Targets

Target: sgm_t.bin
Size: 299KB
MD5: 872c5764f727793bb1bf37a3b2f1a9d0
SHA1: 2e6060208d6ff05ab3b081ed74a92c7946df5637
SHA256: d411cee3b925242bbde268dec51fd8ab9e5228ee7a068f9429b3280e110b9a1b
SHA512: 187261920df3b35da781ecd5e6c2599b0b57456dd07afa0c87296ac774b52c532e2b469b1b96ab0c4fa8136e08025df91cad60838d4be197b3e2c6493270a1a0

Signatures
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Modifies service
- Suspicious use of SetThreadContext
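The signature names above are behavioural matches the sandbox raised while running the sample. The following is an added example, not part of the report or of any sandbox's own detection engine, showing how a triage script can raise the same kind of verdicts from process, file, registry, service, API and DNS telemetry. The telemetry lines, the service name `svchelper`, the file paths and the list of IP-lookup hosts are all constructed for the example; nothing in them is taken from the analysis of sgm_t.bin.

```python
import re
from collections import defaultdict

# Constructed sample telemetry (not from the sandbox report). Each record is
# "EventType|field=value|field=value". Paths and the service name are
# hypothetical placeholders chosen for this example.
SAMPLE_EVENTS = [
    "ProcessCreate|pid=1001|image=C:\\Users\\user\\Desktop\\sgm_t.bin.exe",
    "FileCreate|pid=1001|target=C:\\Windows\\System32\\svchelper.exe",
    "RegistrySet|pid=1001|key=HKLM\\SYSTEM\\CurrentControlSet\\Services\\svchelper\\ImagePath"
    "|value=C:\\Windows\\System32\\svchelper.exe",
    "ServiceInstall|pid=1001|name=svchelper|image=C:\\Windows\\System32\\svchelper.exe",
    "ProcessCreate|pid=1002|parent=1001|image=C:\\Windows\\System32\\netsh.exe"
    "|cmdline=netsh advfirewall firewall add rule name=svchelper dir=in action=allow",
    "ProcessCreate|pid=1003|parent=1001|image=C:\\Windows\\System32\\svchelper.exe",
    "ApiCall|pid=1003|api=SetThreadContext|target_pid=1004",
    "DnsQuery|pid=1003|query=api.ipify.org",
    "FileDelete|pid=1001|target=C:\\Users\\user\\Desktop\\sgm_t.bin.exe",
]

# Assumed list of well-known public "what is my IP" services; extend as needed.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "icanhazip.com", "ifconfig.me",
    "checkip.dyndns.org", "ip-api.com",
}

SYSTEM32 = "c:\\windows\\system32\\"
FIREWALL_CMD = re.compile(r"netsh(\.exe)?\s+(advfirewall|firewall)\b", re.I)
SERVICE_IMAGEPATH = re.compile(r"\\Services\\[^\\]+\\ImagePath$", re.I)


def parse_event(line):
    """Split 'Type|k=v|k=v' into a dict; only the first '=' of a field splits."""
    etype, *fields = line.split("|")
    rec = {"type": etype}
    for field in fields:
        key, _, value = field.partition("=")
        rec[key] = value
    return rec


def match_signatures(lines):
    """Return {signature name: [matching telemetry lines]} for the event stream."""
    hits = defaultdict(list)
    dropped = set()   # lower-cased paths written during the run
    images = {}       # pid -> image path, to correlate later events to processes
    for line in lines:
        ev = parse_event(line)
        etype = ev["type"]
        if etype == "ProcessCreate":
            image = ev.get("image", "")
            images[ev["pid"]] = image
            # A process whose image was written earlier in this run.
            if image.lower() in dropped:
                hits["Executes dropped EXE"].append(line)
            if FIREWALL_CMD.search(ev.get("cmdline", "")):
                hits["Modifies Windows Firewall"].append(line)
        elif etype == "FileCreate":
            target = ev.get("target", "")
            dropped.add(target.lower())
            if target.lower().startswith(SYSTEM32):
                hits["Drops file in System32 directory"].append(line)
        elif etype == "RegistrySet":
            if SERVICE_IMAGEPATH.search(ev.get("key", "")):
                hits["Sets service image path in registry"].append(line)
        elif etype == "ServiceInstall":
            hits["Creates new service(s)"].append(line)
        elif etype == "ApiCall" and ev.get("api") == "SetThreadContext":
            hits["Suspicious use of SetThreadContext"].append(line)
        elif etype == "DnsQuery" and ev.get("query", "").lower() in IP_LOOKUP_HOSTS:
            hits["Looks up external IP address via web service"].append(line)
        elif etype == "FileDelete":
            # Simplification: the deleting process's own image is the target.
            # Real samples usually delete via a child cmd.exe after exit, which
            # would need parent/child correlation on top of this check.
            own_image = images.get(ev["pid"], "").lower()
            if own_image and ev.get("target", "").lower() == own_image:
                hits["Deletes itself"].append(line)
    return dict(hits)


if __name__ == "__main__":
    for name, evidence in match_signatures(SAMPLE_EVENTS).items():
        print(name)
        for line in evidence:
            print("   ", line)
```

The matcher is deliberately stateful: "Executes dropped EXE" and "Deletes itself" cannot be decided from a single event, which is why file writes and process images are remembered as the stream is read. The remaining rules are per-event and map one-to-one onto the signature names in the report.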