General
-
Target
Windows Session Manager.exe
-
Size
1.3MB
-
Sample
210624-z3rv4e1ed2
-
MD5
000e2743bf3cb96cefc4be357765cec3
-
SHA1
62b9b6afc91e349c56ce967985eec229f7db82aa
-
SHA256
126f06426beeaaeea65331c5896590eb558405e5b924254e1aa17c3adc5c2fb3
-
SHA512
b8298aed9d0ac929c9942ff8addce2a3b0e779093dad50fc99242542e8894fb0c45a5d4e60ed33691fc5fbcdeccfc9e50244dad6056500de8a28fddb6f6f275f
Malware Config
Targets
-
-
Target
Windows Session Manager.exe
-
Size
1.3MB
-
MD5
000e2743bf3cb96cefc4be357765cec3
-
SHA1
62b9b6afc91e349c56ce967985eec229f7db82aa
-
SHA256
126f06426beeaaeea65331c5896590eb558405e5b924254e1aa17c3adc5c2fb3
-
SHA512
b8298aed9d0ac929c9942ff8addce2a3b0e779093dad50fc99242542e8894fb0c45a5d4e60ed33691fc5fbcdeccfc9e50244dad6056500de8a28fddb6f6f275f
Score10/10-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
Drops file in Drivers directory
-
Modifies Windows Firewall
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-