General

  • Target

    50cbb85b16d25f9f3edb0c8749932e27db306559546e1feb5effcd7b6aab07e6.zip

  • Size

    2.3MB

  • Sample

    210306-jdxhfshles

  • MD5

    96014ea85879d69a69d9ffc95f918b03

  • SHA1

    8a076762e395344c901f6ba2d63b3c98cb3f5824

  • SHA256

    2bfe501031c14858507f0cc09a4312ca438b521f16fa83e90f93b067a929aaab

  • SHA512

    f91a1a59c77b325260644c6f7047411abce9a77bfcc9ab72b7e9f1d8c0a094482e8fbfe952606f3692fa8d13b840a77cc5c94b75e5bb444043307ed7f01ef63a

Malware Config

Targets

    • Target

      50cbb85b16d25f9f3edb0c8749932e27db306559546e1feb5effcd7b6aab07e6

    • Size

      2.3MB

    • MD5

      921379bd587ab29da4dc23fb9d47fe36

    • SHA1

      e9db1731731503a81a2fdc67ffa005e6aa2a8038

    • SHA256

      50cbb85b16d25f9f3edb0c8749932e27db306559546e1feb5effcd7b6aab07e6

    • SHA512

      90211127d4dd83619bf42a1ab1f5d78d1a9f8ab7767704b19432d681807b636cf2bfbeb5ae97e25b57071e2a04f3b13e5a3f28b69d392b94f7ac0b3015ff38fc

    • Modifies firewall policy service

    • UAC bypass

    • Windows security bypass

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • Detected Stratum cryptominer command

      Looks to be attempting to contact Stratum mining pool.

    • XMRig Miner Payload

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Deletes itself

    • Drops startup file

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

MITRE ATT&CK Matrix ATT&CK v6

  Tactic                 Technique                             ID     Count
  Initial Access         Replication Through Removable Media   T1091  1
  Persistence            Modify Existing Service               T1031  1
  Persistence            Registry Run Keys / Startup Folder    T1060  1
  Privilege Escalation   Bypass User Account Control           T1088  1
  Defense Evasion        Modify Registry                       T1112  6
  Defense Evasion        Bypass User Account Control           T1088  1
  Defense Evasion        Disabling Security Tools              T1089  3
  Discovery              System Information Discovery          T1082  4
  Discovery              Query Registry                        T1012  2
  Discovery              Peripheral Device Discovery           T1120  1
  Discovery              Remote System Discovery               T1018  2
  Lateral Movement       Replication Through Removable Media   T1091  1

Tasks