General
-
Target
7035d632ff8b10f819929e6cac09cf19.exe
-
Size
154KB
-
Sample
201229-jmzcdmzkva
-
MD5
7035d632ff8b10f819929e6cac09cf19
-
SHA1
fd147614ee008c1daa3eece110ceff33ee15a188
-
SHA256
92430a767afd2c33e7d5999d3238c03206bafde5b3e5f22b2bb53b7c6e1f659f
-
SHA512
596b9b2f16b2f9ab77fac2101c72e598e263ef9988a9f818ae5d1a23c10d75cacde3a02de4de0ce75a9884e205ed86db6fb0306cb3eceb113894a5b64dc98ac7
Static task
static1
Behavioral task
behavioral1
Sample
7035d632ff8b10f819929e6cac09cf19.exe
Resource
win7v20201028
Malware Config
Targets
-
-
Target
7035d632ff8b10f819929e6cac09cf19.exe
-
Size
154KB
-
MD5
7035d632ff8b10f819929e6cac09cf19
-
SHA1
fd147614ee008c1daa3eece110ceff33ee15a188
-
SHA256
92430a767afd2c33e7d5999d3238c03206bafde5b3e5f22b2bb53b7c6e1f659f
-
SHA512
596b9b2f16b2f9ab77fac2101c72e598e263ef9988a9f818ae5d1a23c10d75cacde3a02de4de0ce75a9884e205ed86db6fb0306cb3eceb113894a5b64dc98ac7
-
XMRig Miner Payload
-
Creates new service(s)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Deletes itself
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-