General
Target: 32_64_ver_1_bit.bin (1).zip
Size: 1.7MB
Sample: 210306-ltrby6m57x
MD5: 3c5798fe337421e0c6f7ca3d0954c55a
SHA1: 11e5557b97f7c1f3871a1812c0d41687fa45384f
SHA256: f9d1611e9c76704829a006ca1a15c810063c0c68f2c9466cfafe583de36c4a0e
SHA512: 9f89783d796bfe2834cea51ecd7802d7fc511abb0396067f8bc4b66072a9d8c7ff47a87a0260ed52a581e9a3079a79afa6a4194c0a26be7670308964b8198891

Static task: static1
Behavioral task: behavioral1, Sample: 32_64_ver_1_bit.bin.exe, Resource: win10v20201028
Behavioral task: behavioral2, Sample: 32_64_ver_1_bit.bin.exe, Resource: win10v20201028
Behavioral task: behavioral3, Sample: 32_64_ver_1_bit.bin.exe, Resource: win10v20201028
Behavioral task: behavioral4, Sample: 32_64_ver_1_bit.bin.exe, Resource: win10v20201028
Behavioral task: behavioral5, Sample: 32_64_ver_1_bit.bin.exe, Resource: win7v20201028

Malware Config
Targets
Target: 32_64_ver_1_bit.bin
Size: 1.8MB
MD5: cf79a81627e7b71ca9bdd33ba812b7a0
SHA1: 26c35564bde9adcc2c56d062fce809ee2b4ee82d
SHA256: 607d4323ec499f3d2d39f10ce3e539442c2c8959be41afe20d6a2a68b5406f8b
SHA512: 79b1a6429432e4b4860f3226cf892c14a77cc8c9b55b8d4990c43af8a4d9f8ef09dfa6a43e2f05671ea4dc20625ccd1a1d3507c227a49f35ef74df892fba9342

XMRig Miner Payload
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Drops startup file
Loads dropped DLL
Modifies file permissions
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.