General

  • Target

    17f4e8ef4e0b821ac222dbf1dab08889.exe

  • Size

    112KB

  • Sample

    210706-8mfrwhcs8e

  • MD5

    17f4e8ef4e0b821ac222dbf1dab08889

  • SHA1

    e6c5aa708c9787e84ae2894de4abc8824bfa97eb

  • SHA256

    b82c510a4e89d91316acab7f61ea599a4ee4ef7ccde2ed71cd46fa9875c0639c

  • SHA512

    3ef3af9668a4d28564ce98870f964be75c035a87792d5d60ec533fa0c16e2ef814cb5006d35a9a2f8ed26fa23c31d05188973dcb21faa8919702c1e8f05f5b59

Malware Config

Targets

    Score
    10/10
    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • Executes dropped EXE

    • Sets DLL path for service in the registry

    • Deletes itself

    • Loads dropped DLL

    • Creates a Windows Service

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Persistence

  • Registry Run Keys / Startup Folder (T1060): 1

Defense Evasion

  • Modify Registry (T1112): 1

Discovery

  • System Information Discovery (T1082): 1

  • Remote System Discovery (T1018): 1

Tasks