7cc35d1eb6961c962ae9fae96b4564c3f47d17b105af731910afe336f744f8ca

Sharing

Copy URL

Twitter E-mail

General

Target

gminer_2_42_windows64.zip
Size

17.0MB
Sample

210118-4yn7x21ap6
MD5

605d400adbed42e95b4a4a096772bf20
SHA1

51617140077601325d04e0cbf80f331319967fa4
SHA256

7cc35d1eb6961c962ae9fae96b4564c3f47d17b105af731910afe336f744f8ca
SHA512

76c081ea650529c316aec6ba92e8117902e1a9b5fe6ac92cd813ecd03aa80c665afb20563ddae7d3e6d52e3382c3500e338a99b72757d87e4868fb516e7eb369

Score

10^/10

persistence

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://raw.githubusercontent.com/7gds/f/main/bild.exe

exe.dropper

https://raw.githubusercontent.com/7gds/f/main/miner.exe

Targets

- Target
  
  mine_aeternity.bat
- Size
  
  122B
- MD5
  
  8ee582eee932b270d81a9b50968f235d
- SHA1
  
  78e1c9674ad0bd46a6b483e4e57d6ee3f12501ce
- SHA256
  
  41ba914d255dfd4fe2ed6ab36ec799a0a5a257e4dc291830e16aec3546c37283
- SHA512
  
  f479de8b0be0c5ab465bd1d49f4451aa63e83801039db7bc2359e22426011a6ddf447324ac1eb4d3738897421b564904267740367af4d989bdf2d19a0685d61f
Score

1^/10
behavioral1 behavioral2
- Target
  
  mine_aion.bat
- Size
  
  162B
- MD5
  
  648e1bd01b6ab048551285bd24f150c4
- SHA1
  
  6902ea2f7b556a5772a9ed6a65b5909da8fb3a9e
- SHA256
  
  c25af55cbb502e1c80dcb5c89ed26d248c2b10d0617e95ff4f5066b57feb2aae
- SHA512
  
  fdab90a02f6a636d5da5bf56ded63ef6c899a231569957e0a5abaf9b7d73d997a44c167ca6a9ec955615cb41e0c2746581e63393d80ec269aca8d6b17a0e69b7
Score

1^/10
behavioral3 behavioral4
- Target
  
  mine_beam.bat
- Size
  
  150B
- MD5
  
  107582a877da4aee283b320ec2d94311
- SHA1
  
  b1987c7f0a80bb72648ee3eac67a41914d069373
- SHA256
  
  5f29b2190f2e8ce78600f5c02e1ff1e30434c561f540c61bd06baeb3c2127fb8
- SHA512
  
  5a673abf76191fe43ed37380723c1ad93569c31d23b8890d42f4a287be525459aa377e1674b7a4f08b1aa11d92816b9e038010d4f1c78a5ab1c8e91f51cc70b5
Score

1^/10
behavioral5 behavioral6
- Target
  
  mine_btcz.bat
- Size
  
  150B
- MD5
  
  05fec97b2b30fc588f9d3baf371778d1
- SHA1
  
  a21d75bc833706fa4abfec83d44d14c60aba06c3
- SHA256
  
  37b1379debe4278fa47fca5cc1bafb13517e4be363000ce901e50d6ea05aa280
- SHA512
  
  2ce8fedf687c83cdf1555ff7cd82125f3497e79205de6d601b205393835178df2c2064122b00d8c1a3f810cce5b8aa9340ef04fafe0ab12b63ec420047c63ab4
Score

1^/10
behavioral7 behavioral8
- Target
  
  mine_btg.bat
- Size
  
  131B
- MD5
  
  9fd0452636f791144e62add94601834e
- SHA1
  
  21abeb78dbcb9491c8e92a387834cc3917d1912f
- SHA256
  
  faa338330b521339f9d725b74e610d53b922fc033deb6e486efbbc92a9871404
- SHA512
  
  1e582f3ce2cf8a72c33b81fb9d4065e21f4763a1e2f3758e8c409c2ee32d11860c6190bf4300b40243f42de04d585a35bd97e4c59c51407c81809092203049fa
Score

1^/10
behavioral9 behavioral10
- Target
  
  mine_grin29.bat
- Size
  
  100B
- MD5
  
  8650e2bfc291287d2518fb2edc929464
- SHA1
  
  fd85db66aa36c0df9361d26187b7129540b5da23
- SHA256
  
  14a829e66222a2caf7ffe2a9f582353b46df4461ec1aad8abca1b8859ec23c2f
- SHA512
  
  968f6542b9dd9c2c74fe79bb4d426bc0f43bf81763cc34bce4bf2f61faf6d93359bb625c25807aec9cf8b63f47eac63fb0cdfdeae8e094938ce3adcc2c0100af
Score

1^/10
behavioral11 behavioral12
- Target
  
  mine_grin31.bat
- Size
  
  100B
- MD5
  
  f6bdefeea64ebc6b5d7ab19c45f83118
- SHA1
  
  d71ac32827eaff4cca21f89481ead2a8adcaa68b
- SHA256
  
  456cebb343f24a4551bfc3a140fcae8f3be0a3523b44608af848fc35a5f235f3
- SHA512
  
  e893a350695bf63edd592f5a9cc29d17aac135527bb6965e1e42f42b5a248f998ad5db507b48b3c0a41824e56fb0f9104220e38df0fe052a5aeeb2df89d81298
Score

1^/10
behavioral13 behavioral14
- Target
  
  mine_mnx.bat
- Size
  
  135B
- MD5
  
  f2c6df0305c6d3505a2374589ed3a434
- SHA1
  
  55a69c828f245c6635a8fbc322b93e0611f3174f
- SHA256
  
  5ed4eca3dea3372962f3b54eb88770c7ca02d5f227f0923041b49c7a0f78a936
- SHA512
  
  9a95d2d5a63082a2d0c0c06f11cba41f6a47f7ef1313851eebf7a99e9521a5b1a3e7b69a9103abffd04fee5dc234bbf981c3b632a30aa35d98b54954fe184c3c
Score

1^/10
behavioral15 behavioral16
- Target
  
  mine_swap.bat
- Size
  
  167B
- MD5
  
  578b8e77341417db43159385c74f1810
- SHA1
  
  a8dd730cb232da75a19bbd701368eff1450ea12e
- SHA256
  
  6afad5abc7020dfc56542e59b9570a9a8c9a4235c75ea58d3da32047af9a9bd7
- SHA512
  
  bab735749a98860c7c7c0986539f8f5585afeef963f035855e07b48d69d2df9cbcb6dde00f01552bc6794a7099aa1be187b03ba226570205f3d1138c0fdc9e84
Score

1^/10
behavioral17 behavioral18
- Target
  
  mine_zero.bat
- Size
  
  147B
- MD5
  
  61ebbe729a83d344f375e709cdba0dfe
- SHA1
  
  b98eb57ca5cffdb330bf2fe2c2de4d935cac5ac6
- SHA256
  
  d7f1771ad9d42305becb45e44ff72b1de6f52444dbbc0ef0c26f209ea44d3d57
- SHA512
  
  da6681d21d980ba7b1ddf7fc023c82aacbad237334af0625895ba4bb1fb0e300133db909810a0ddaae79a8da1c1e00080a80157ad5b8a7a8857b5607c530ef59
Score

1^/10
behavioral19 behavioral20
- Target
  
  miner.exe
- Size
  
  17.2MB
- MD5
  
  adf909a4715a421cd8c683016e75d40a
- SHA1
  
  51f6dc871ec6bd0b8296e5d631287d425aa3270d
- SHA256
  
  138b049541b36ea37d12b9ef3f684aa5e99315e0ce5137e0bea89d39718faefe
- SHA512
  
  a2fff627245ad394fb68bc53f7b163b94b7dc950e23a6c3aedb14453cda858468f76aec32a74ba2034d169f69798b13a201b11cf939294690d7a16c7e3565073
Score

10^/10

persistence
- Executes dropped EXE
- Drops startup file
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral21 behavioral22

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Executes dropped EXE

Drops startup file

Adds Run key to start application

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22