Overview

overview

10

Static

static

LOADER/SOUFIWSHIT.exe

windows10_x64

10

Resubmissions

12-07-2021 13:54

210712-pfqcwwb6ya 10

12-07-2021 13:51

210712-7pd4cbf21a 3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SOUFIWSHIT[FREE].zip

  • Size

    2.2MB

  • Sample

    210712-pfqcwwb6ya

  • MD5

    966e139a27c5a09d811abaa2456c9f64

  • SHA1

    9df4bf97275faa12557b29d0f4e955c58b3c5218

  • SHA256

    9453e534ac5d592422c62334b9672547f57f4ec3abba92162566cae795c0b04b

  • SHA512

    2aa1018174480f5bd2a05e8b311dd819332d6e915dd1d0fd0f452a68f8b67ad770c0a5e4d6e214a9673ca0ddf1ad68d3c30f1cf0bf217bc0806ccac5fa222b14

Score
10/10
xmrigminer

Malware Config

Targets

    • Target

      LOADER/SOUFIWSHIT.exe

    • Size

      2.2MB

    • MD5

      60f572f21737ea9fc28d6c86bad8fb10

    • SHA1

      fcad5bfd745b308eb618b887d40e888fd493fdfe

    • SHA256

      12b95a1d99a59ce67eba7c4f4661febe5fd14d84b1a20eaabdeb52a6fe8fc71f

    • SHA512

      3695b8177f8d2b4ce29827c2d1ae3b0a164d9958d14b2fa0731570106c4019d02626fc6a66b134f70dd574a24343b9a27dfb101309e95c942ccece4a8559f39b

    Score
    10/10
    xmrigminer

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner Payload

      miner

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

4
T1082

Query Registry

3
T1012

Peripheral Device Discovery

1
T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks