Overview

overview

10

Static

static

10

0abfe7296d...b3.exe

windows7_x64

10

0abfe7296d...b3.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0abfe7296d6ef7efd02d77248cbaffb3.exe

  • Size

    112KB

  • Sample

    210519-b9rq5bvs7x

  • MD5

    0abfe7296d6ef7efd02d77248cbaffb3

  • SHA1

    fa7741429e5fb7143aa59b2e6179809b8a88bbe4

  • SHA256

    08626ceda0fe99bd888c612e6935330f3fbc6775d1be5d1e6e8cd934365549c0

  • SHA512

    c04a7b80818716f460d0e6f4df4e5e65600e794294348ae4ff2923a973e2b7e9c0be163de6d74c5e8a1c5ffaeb50ab9a0788bfdd780cccf6fd61457fc157ec1b

Score
10/10
runningratxmrigminerpersistencerat

Malware Config

Targets

    • Target

      0abfe7296d6ef7efd02d77248cbaffb3.exe

    • Size

      112KB

    • MD5

      0abfe7296d6ef7efd02d77248cbaffb3

    • SHA1

      fa7741429e5fb7143aa59b2e6179809b8a88bbe4

    • SHA256

      08626ceda0fe99bd888c612e6935330f3fbc6775d1be5d1e6e8cd934365549c0

    • SHA512

      c04a7b80818716f460d0e6f4df4e5e65600e794294348ae4ff2923a973e2b7e9c0be163de6d74c5e8a1c5ffaeb50ab9a0788bfdd780cccf6fd61457fc157ec1b

    Score
    10/10
    runningratpersistenceratxmrigminer

    • RunningRat

      RunningRat is a remote access trojan first seen in 2018.

      ratrunningrat

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Executes dropped EXE

    • Sets DLL path for service in the registry

      persistence

    • Deletes itself

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Remote System Discovery

1
T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks