595C00BF9CA4BAA42B4490F2782CF2D3.exe

General

Target: 595C00BF9CA4BAA42B4490F2782CF2D3.exe
Size: 1MB
Sample: 210611-ezj8ccjy3a
Score: 10/10
MD5: 595c00bf9ca4baa42b4490f2782cf2d3
SHA1: d1441cc336655f36efc3db070f84701a1f68e51a
SHA256: 6884ac9f82a44a7702c4807deec1640b66eb71f6c750dd0ca1d5d78632e626b5
SHA512: aaa673adb4511d7e4ba5836f6874b047e8c2b31f86e005d46094a47626d23f97d72874307538c451541dbb44905503df2227902e9f4ccffa4d9836981abcd2e6

Malware Config

Targets: 595C00BF9CA4BAA42B4490F2782CF2D3.exe (MD5 595c00bf9ca4baa42b4490f2782cf2d3, filesize 1MB, score 10/10; SHA1, SHA256 and SHA512 identical to the values listed under General)

Signatures

  • xmrig: XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

  • Disables Task Manager via registry modification

  • Executes dropped EXE

  • Modifies Windows Firewall (TTP: Modify Existing Service)

  • Drops startup file

  • Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes. (TTP: Replication Through Removable Media)

  • Drops file in System32 directory

  • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Privilege Escalation

Tasks

  • static1

  • behavioral1: 10/10

  • behavioral2: 10/10