General
-
Target
2ec13ff323ed9deaf0139b075cc24c47dfff331750248c556d6d71c6da4fe588
-
Size
11.9MB
-
Sample
210513-y4nhjlvghn
-
MD5
26bf994113c878ca32017a04daec36b2
-
SHA1
274f42cb88dd1b158456c2f484816f0280344edc
-
SHA256
2ec13ff323ed9deaf0139b075cc24c47dfff331750248c556d6d71c6da4fe588
-
SHA512
a8f54ac5124b6b8fc56df4cb7f289b3d6a51aabe1bee5fadb7f6e3763b1a1e1395b5f67747cc26330b51c14154e76127152d7a04cf6fad6fe824a05d2b1967f2
Static task
static1
Behavioral task
behavioral1
Sample
2ec13ff323ed9deaf0139b075cc24c47dfff331750248c556d6d71c6da4fe588.exe
Resource
win7v20210410
Malware Config
Targets
-
-
Target
2ec13ff323ed9deaf0139b075cc24c47dfff331750248c556d6d71c6da4fe588
-
XMRig Miner Payload
-
Creates new service(s)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Deletes itself
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-