General
Target: SecuriteInfo.com.BehavesLike.Win32.Generic.cc.20618
Size: 171KB
Sample: 201228-26cvynw98e
MD5: 000b21a6ac8f5d5fa950eed455556dd2
SHA1: fe11975ba2efbc981619ea51f0875e65598a1daf
SHA256: 91568fbf16eb6e6c8e6e633163ef0ff94ca4956195438c61d1023614d6f18fa5
SHA512: 5205e5078bbb66f543541f7af3f463ea948c2c76df3d8fb4d4e1e50ef5dd2cd28352a9c73787d73d8a0996dce2d981ba03ca55ea342615df39e12510bbfe460f

Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.BehavesLike.Win32.Generic.cc.20618.exe
Resource: win7v20201028
Malware Config
Targets
Target: SecuriteInfo.com.BehavesLike.Win32.Generic.cc.20618
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of SetThreadContext