General
-
Target
SecuriteInfo.com.BehavesLike.Win32.Generic.cc.32390
-
Size
172KB
-
Sample
201228-nz5sxv1fy2
-
MD5
21e50a8ca0425c3d14e03b7325e2aee6
-
SHA1
aa82c5ec5acec3da9a2f9e9da70c9f9080fc68be
-
SHA256
0d9ed7e134a13d48c88c27f062d0c45e1db82972206821229a22eace941eb806
-
SHA512
40b24327ceb9326b9e897dd0b7d70748708885f59c7745643fe4ce0dd3a5806e1845180ef880394b60dc1a652f96b4ca09fa942dcba7bcf361da085bce90bb3a
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.BehavesLike.Win32.Generic.cc.32390.exe
Resource
win7v20201028
Malware Config
Targets
-
-
Target
SecuriteInfo.com.BehavesLike.Win32.Generic.cc.32390
-
Size
172KB
-
MD5
21e50a8ca0425c3d14e03b7325e2aee6
-
SHA1
aa82c5ec5acec3da9a2f9e9da70c9f9080fc68be
-
SHA256
0d9ed7e134a13d48c88c27f062d0c45e1db82972206821229a22eace941eb806
-
SHA512
40b24327ceb9326b9e897dd0b7d70748708885f59c7745643fe4ce0dd3a5806e1845180ef880394b60dc1a652f96b4ca09fa942dcba7bcf361da085bce90bb3a
-
XMRig Miner Payload
-
Creates new service(s)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Deletes itself
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-