General
-
Target
52b050051a9a82798822f0381b948e09149dacf307551b060f83baf1c7562e65
-
Size
13.2MB
-
Sample
210120-8wfpkye7e2
-
MD5
5f00b7c04424f074cab3cda9f1295e29
-
SHA1
7c661b9b70fb91877e0216fb54b1ba90e66ae62b
-
SHA256
52b050051a9a82798822f0381b948e09149dacf307551b060f83baf1c7562e65
-
SHA512
0ff8a98bcafd662721d6a9cfcd6001825c832106a1520608f60108defa1f77c4cad0c0cb4570cae49bb0ac2cbbd7e08484ed67dcf0a076a3d3628c36407f1763
Static task
static1
Behavioral task
behavioral1
Sample
52b050051a9a82798822f0381b948e09149dacf307551b060f83baf1c7562e65.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
52b050051a9a82798822f0381b948e09149dacf307551b060f83baf1c7562e65.exe
Resource
win10v20201028
Malware Config
Targets
-
-
Target
52b050051a9a82798822f0381b948e09149dacf307551b060f83baf1c7562e65
-
XMRig Miner Payload
-
Creates new service(s)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Deletes itself
-
Drops file in System32 directory
-
Enumerates physical storage devices
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of SetThreadContext
-