Overview

overview

10

Static

static

2f8f8012_b...is.exe

windows7_x64

10

2f8f8012_b...is.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2f8f8012_by_Libranalysis

  • Size

    118KB

  • Sample

    210505-8l62vlncge

  • MD5

    2f8f8012ebb28563cc02c5fd13331a77

  • SHA1

    1a2fbf934df02869dc7a563501835e1feb5f6b5c

  • SHA256

    0ea327b5a6eb09b51bd1337c2b29e9fd4cbfa11a083736b47188884ffca7e2bf

  • SHA512

    92326e07db24f96b8f56e5b2b4f7d19dfcaa255592ec0de3f38ee585d5fa50d8a9038f65924b4b39125254ec234783beb003057289bcc995e1edf2afcd10f18c

Score
10/10
xmrigminerpersistence

Malware Config

Targets

    • Target

      2f8f8012_by_Libranalysis

    • Size

      118KB

    • MD5

      2f8f8012ebb28563cc02c5fd13331a77

    • SHA1

      1a2fbf934df02869dc7a563501835e1feb5f6b5c

    • SHA256

      0ea327b5a6eb09b51bd1337c2b29e9fd4cbfa11a083736b47188884ffca7e2bf

    • SHA512

      92326e07db24f96b8f56e5b2b4f7d19dfcaa255592ec0de3f38ee585d5fa50d8a9038f65924b4b39125254ec234783beb003057289bcc995e1edf2afcd10f18c

    Score
    10/10
    xmrigminerpersistence

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks