General
-
Target
cd19340138f9eab48d20b3bf0a9dc6b4a6908d14cd48511ccefd6dba9e84705f.bin.sample.gz
-
Size
1.3MB
-
Sample
210528-bhh2hjbr4x
-
MD5
279899976c66b5efb027865b88d49d0a
-
SHA1
a9883413dcca7706196d5645ee0cd8f8fb5434b7
-
SHA256
28f4f0232383f01a81415e1d5c11d93254759260511f15924e3744be2063dafa
-
SHA512
9f4a1e83a5731e1063f2d59affc011a26ae908859e2794781cd0947fb63cafb64b7310cc42f97ce742363e529d168ca24908e504a6429666ab4d29be570fafcf
Malware Config
Extracted
C:\Users\Admin\Desktop\Decrypt-me.txt
Email:[email protected]
Answer:[email protected]
Targets
-
-
Target
sample
-
Size
1.3MB
-
MD5
0e64acab6fb3d50aaebc17e6dfb2d289
-
SHA1
c5c672a4a8ebae04cf7471c56136dce58ccd88f0
-
SHA256
cd19340138f9eab48d20b3bf0a9dc6b4a6908d14cd48511ccefd6dba9e84705f
-
SHA512
e797d31d7355d1f222a444fa934599582ffd9593185668382b9ad05ade1086d152f342305fb1b734a4cc0f691b2b4ba70fd8f183f77aa3f6f775a470fb4e7013
Score10/10-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
Drops file in Drivers directory
-
Modifies Windows Firewall
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-