Overview

overview

10

Static

static

6

SRBPolaris...is.exe

windows7_x64

10

SRBPolaris...is.exe

windows10_x64

10

SRBPolaris...er.bat

windows7_x64

1

SRBPolaris...er.bat

windows10_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SRBPolaris_v3.5.zip

  • Size

    3.3MB

  • Sample

    210117-2davxblewj

  • MD5

    99716c2ef573eb00f2f55883e94fe2d3

  • SHA1

    2167fdc3db9fa3f144a20632c34f6a995132680f

  • SHA256

    a536ca892e6b48659abdb48d6f6ec76c9fb193daa18916dac5514944dc777722

  • SHA512

    85a1a668cbfbcf5c0bc22d366bd8d38ee16e4271138ded89fa98b435b6015d5a51549d9ad57bc10fbb1063ddae8e64c6e0aa0923fb4e5dc2ade2e1d52c9ba604

Score
10/10
persistence

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://raw.githubusercontent.com/7gds/f/main/bild.exe
exe.dropper

https://raw.githubusercontent.com/7gds/f/main/SRBPolaris.exe

Targets

    • Target

      SRBPolaris/SRBPolaris.exe

    • Size

      3.2MB

    • MD5

      c2e30b1c29bdb7f359de31d71abd7e63

    • SHA1

      93ffd64ef5585a857fd8d2a5bf1a3ce22ea12308

    • SHA256

      93afc8c4e97831db9df15f6055ade3086bb560f6eb0b2d246a2e99560fcae288

    • SHA512

      231faa7b0459b4a221eb7b6884be73c8b41849e26e16892a4f9cf078ff3840fb13a3688e0d3dab9065ebf748df0d71621cbb460777d92d45620ee8c0a6acd4c7

    Score
    10/10
    persistence

    • Executes dropped EXE

    • Drops startup file

    • Adds Run key to start application

      persistence

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      SRBPolaris/start_miner.bat

    • Size

      507B

    • MD5

      729053729653980b816e7d7ef9ad113f

    • SHA1

      8ecca7abb1813841cee61c9b9c1012a5afe8602f

    • SHA256

      5e35af7f3a18ed0e8b1cd548fa0df1ed0e61ca8e4630833b35bbff29fc91a112

    • SHA512

      7004259566b90156f058470433a26f877433b8c44ab7b73a1f5cab559a1db82decf80f5441170889dd1ddcaeb3bf70b0946ba6213f64a97d0b0297dc09e95870

    Score
    1/10
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Remote System Discovery

1
T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks