General
- Target: 1.ps1
- Size: 11KB
- Sample: 210702-5cpbbxw8vn
- MD5: 605e35c8a42df9b2e84767506fd7a058
- SHA1: 943b33be24495a540159230d5e1cda39c0912357
- SHA256: 5f4ede132e665f92d6dd56ce3a2a7425af122167756ba92c25e3cb8274f6c1f8
- SHA512: a639e70c454070788f30b6df7d45ab24b7513333587a74ef6a648fa28c8104d9b7377b5fb78cf35c357f8d22796dfec198fd5d6f3e90667fe3d2269b7192b13a
Static task
- static1

Behavioral task
- behavioral1
- Sample: 1.ps1
- Resource: win7v20210408
Malware Config
- Extracted: http://t.hwqloan.com
- Extracted: http://t.ouler.cc
- Extracted: http://t.ntele.net
- Extracted: http://t.jusanrihua.com
Targets
- Target: 1.ps1
- Size: 11KB
- MD5: 605e35c8a42df9b2e84767506fd7a058
- SHA1: 943b33be24495a540159230d5e1cda39c0912357
- SHA256: 5f4ede132e665f92d6dd56ce3a2a7425af122167756ba92c25e3cb8274f6c1f8
- SHA512: a639e70c454070788f30b6df7d45ab24b7513333587a74ef6a648fa28c8104d9b7377b5fb78cf35c357f8d22796dfec198fd5d6f3e90667fe3d2269b7192b13a

Signatures
- Modifies security service
- XMRig Miner Payload
- Blocklisted process makes network request
- Executes dropped EXE
- Modifies Windows Firewall
- Stops running service(s)
- Loads dropped DLL
- Drops file in System32 directory