General
Target: 220ac1d52446be2b0c1e854cc81e7e27.exe
Size: 13.6MB
Sample: 210709-246mmnrs2a
MD5: 220ac1d52446be2b0c1e854cc81e7e27
SHA1: 130bf6a18d3aeea47e3e65e865417df62ac4143f
SHA256: 916b9345c21902748cb937433e9fde2aa588269234f0f2f831d05a13eadf2d5c
SHA512: 0008a30edc70e6b7ff448278078838ce5dd10a255581f72ceb17bf0f7b54b2c5dd98926ab831bbe17ee59f56325abd5df5d39876af7c137b970ab19d08811300
Static task: static1
Behavioral task: behavioral1
Sample: 220ac1d52446be2b0c1e854cc81e7e27.exe
Resource: win7v20210410
Malware Config
Targets
Target: 220ac1d52446be2b0c1e854cc81e7e27.exe
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext