Overview

overview

10

Static

static

ce2945449a...e9.exe

windows7_x64

8

ce2945449a...e9.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ce2945449a6577f85cff889129987d8cae01c02e520c9dba3a4aa3359250b5e9

  • Size

    831KB

  • Sample

    210513-tvsenhgaj6

  • MD5

    87de93c2723dd08196bcbc0b0feee0ef

  • SHA1

    909fd254543848f73e61a47847f435fd2db94698

  • SHA256

    ce2945449a6577f85cff889129987d8cae01c02e520c9dba3a4aa3359250b5e9

  • SHA512

    95d4e20ccbca1fc5dadd86769247295aafc7880fdc9788703305f3eeeab9a57f8d953c48d9140f1386aa754ba606d9f113ad0fcd2434b33751620bbbfe97b733

Score
10/10
xmrigminerpersistence

Malware Config

Targets

    • Target

      ce2945449a6577f85cff889129987d8cae01c02e520c9dba3a4aa3359250b5e9

    • Size

      831KB

    • MD5

      87de93c2723dd08196bcbc0b0feee0ef

    • SHA1

      909fd254543848f73e61a47847f435fd2db94698

    • SHA256

      ce2945449a6577f85cff889129987d8cae01c02e520c9dba3a4aa3359250b5e9

    • SHA512

      95d4e20ccbca1fc5dadd86769247295aafc7880fdc9788703305f3eeeab9a57f8d953c48d9140f1386aa754ba606d9f113ad0fcd2434b33751620bbbfe97b733

    Score
    10/10
    persistencexmrigminer

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

System Information Discovery

3
T1082

Query Registry

2
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks