General

  • Target

    b4d22b58_by_Libranalysis

  • Size

    118KB

  • Sample

    210505-15fxzcqv5s

  • MD5

    b4d22b58cd80b7ffc930a76ca9f9fa71

  • SHA1

    3931f09d3d36e714eade19bab13a2ac5c5db1a6c

  • SHA256

    804acd2d212ff0dbdc4670b07862c19f275fc746b19d431bf6b31f78d7a63ec6

  • SHA512

    fa990e0799500dfef650648d06f7226a5c697b71c587ff32dbabe957a3e0425bd4f3d2f05990af787d3f2b223aa3097a88c2d018d79eadf4776f1742706e9b5e

Score
10/10

Malware Config

Targets

    • Target

      b4d22b58_by_Libranalysis

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Registry Run Keys / Startup Folder, T1060 (1)

  • Defense Evasion

    Modify Registry, T1112 (1)

  • Discovery

    Query Registry, T1012 (1)

    Peripheral Device Discovery, T1120 (1)

    System Information Discovery, T1082 (1)

Tasks