General

Target: mixazed_20210627-153212
Size:   2.5MB
Sample: 210627-lz6kgrv25j
MD5:    208532e2a4c461ba3f8771e5f2c42965
SHA1:   33bbc2bdbf7caa1d5871315c6f423717ce9ca33f
SHA256: f89110f497e2a39c3fc34329b16e5528564bae652fda61cd07410b27e046fdf3
SHA512: 3eaf30a35012f1c8952c52d1114c20c59d9246ac8a0cdb5afd81d4543be8cc0d624d76ee4eac6968ae3504d25e99abe9673c79a3960557c38c1273d2b3dd19f2
Static task: static1

Behavioral task: behavioral1
  Sample:   mixazed_20210627-153212.exe
  Resource: win7v20210408
Malware Config
Targets

Target: mixazed_20210627-153212
Size:   2.5MB
MD5:    208532e2a4c461ba3f8771e5f2c42965
SHA1:   33bbc2bdbf7caa1d5871315c6f423717ce9ca33f
SHA256: f89110f497e2a39c3fc34329b16e5528564bae652fda61cd07410b27e046fdf3
SHA512: 3eaf30a35012f1c8952c52d1114c20c59d9246ac8a0cdb5afd81d4543be8cc0d624d76ee4eac6968ae3504d25e99abe9673c79a3960557c38c1273d2b3dd19f2
- Registers COM server for autorun
- XMRig Miner Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
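Four of the signatures above (the geofence lookup, the Uninstall-key enumeration, the COM server registration and the SetThreadContext use) can be re-derived from an API-call trace. The following Python is an added example, not part of this report and not the sandbox's own signature engine. It runs over a constructed trace in a generic tab-separated "pid, API, arguments" form; the CLSID, file paths and PIDs in it are invented. It assumes the registry locations Windows actually uses: the country code lives under `HKCU\Control Panel\International\Geo\Nation`, installed software under `...\Microsoft\Windows\CurrentVersion\Uninstall`, and a COM server is registered by writing an `InprocServer32` or `LocalServer32` subkey under `Software\Classes\CLSID\{guid}`. The SetThreadContext rule fires only on the full process-hollowing sequence against a process created with CREATE_SUSPENDED (WriteProcessMemory, then SetThreadContext, then ResumeThread on the same target PID), so an isolated call does not alert.

```python
import re

# Constructed API-call trace ("<pid>\t<api>\t<args...>"). Not sandbox output:
# the CLSID, paths and PIDs are invented for this example.
SAMPLE_TRACE = """\
1234\tRegOpenKeyExW\tHKEY_CURRENT_USER\\Control Panel\\International\\Geo
1234\tRegQueryValueExW\tHKEY_CURRENT_USER\\Control Panel\\International\\Geo\\Nation
1234\tRegOpenKeyExW\tHKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall
1234\tRegEnumKeyExW\tHKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\t0
1234\tRegSetValueExW\tHKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{11111111-2222-3333-4444-555555555555}\\InprocServer32\t(Default)\tC:\\Users\\Public\\x.dll
1234\tCreateProcessW\tC:\\Windows\\System32\\svchost.exe\t0x00000004\t5678
1234\tWriteProcessMemory\t5678\t0x00400000\t0x2a000
1234\tSetThreadContext\t5678\t0x1f0
1234\tResumeThread\t5678
"""

# Registry locations behind the three registry-based signatures.
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo\b", re.I)
UNINSTALL_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\b", re.I)
COM_SERVER_KEY = re.compile(
    r"\\Classes\\CLSID\\\{[0-9A-Fa-f-]{36}\}\\(InprocServer32|LocalServer32)\b", re.I)

CREATE_SUSPENDED = 0x00000004          # dwCreationFlags bit of CreateProcess
HOLLOW_STEPS = ("WriteProcessMemory", "SetThreadContext", "ResumeThread")


def parse_trace(text):
    """Turn tab-separated trace lines into event dicts; skip blank or short lines."""
    events = []
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) < 2 or not parts[0].strip():
            continue
        events.append({"pid": parts[0], "api": parts[1], "args": parts[2:]})
    return events


def _add(hits, signature, evidence):
    """Record evidence under a signature name, keeping each evidence string once."""
    bucket = hits.setdefault(signature, [])
    if evidence not in bucket:
        bucket.append(evidence)


def detect(events):
    """Return {signature name: [evidence, ...]} for the signatures this example covers."""
    hits = {}
    pending = {}   # target pid created suspended -> index of next expected HOLLOW_STEPS entry
    for ev in events:
        api, args = ev["api"], ev["args"]
        path = args[0] if args else ""
        if api.startswith(("RegOpenKey", "RegQueryValue")) and GEO_KEY.search(path):
            _add(hits, "Checks computer location settings", path)
        elif api.startswith(("RegOpenKey", "RegEnumKey")) and UNINSTALL_KEY.search(path):
            _add(hits, "Checks installed software on the system", path)
        elif api.startswith("RegSetValue") and COM_SERVER_KEY.search(path):
            _add(hits, "Registers COM server for autorun", f"{path} -> {args[-1]}")
        elif api.startswith("CreateProcess") and len(args) >= 3:
            try:
                flags = int(args[1], 16)
            except ValueError:
                continue
            if flags & CREATE_SUSPENDED:
                pending[args[2]] = 0          # start watching this child for the hollowing steps
        elif api in HOLLOW_STEPS and args and args[0] in pending:
            target = args[0]
            if HOLLOW_STEPS[pending[target]] == api:   # steps must arrive in order
                pending[target] += 1
                if pending[target] == len(HOLLOW_STEPS):
                    _add(hits, "Suspicious use of SetThreadContext",
                         f"pid {ev['pid']} hollowed suspended pid {target}")
                    del pending[target]
    return hits


if __name__ == "__main__":
    for name, evidence in detect(parse_trace(SAMPLE_TRACE)).items():
        print(name)
        for item in evidence:
            print("   ", item)
```

The ordering check on the hollowing sequence is what keeps this from firing on legitimate debuggers, which call SetThreadContext but typically not on a process they just created suspended and wrote a new image into; to extend the example to the remaining signatures you would add file-write and LoadLibrary events to the same trace format.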