General
Target
8a04cf5b84f3b2469aa8197a439a763b.exe
Size
14.2MB
Sample
210714-hxrshkc81j
MD5
8a04cf5b84f3b2469aa8197a439a763b
SHA1
bfbb961f42bfca83610f2152fdeddf4e6ee2da90
SHA256
594612e968755241ad60c9012cb668df571ebe1c681ada177cfc3fd5563be0e3
SHA512
a636966c2d18af1ba5c48ea803ce72e4b19b7fb2e87b3bf6d205d2c738a5315d2cb4d1ffe06a78a05351949ee777933f222a8e55fe07fc90903ab24af0bcc4a6
Static task
static1
Behavioral task
behavioral1
Sample
8a04cf5b84f3b2469aa8197a439a763b.exe
Resource
win7v20210408
Malware Config
Targets
Target
8a04cf5b84f3b2469aa8197a439a763b.exe
XMRig Miner Payload
Creates new service(s)
Executes dropped EXE
Modifies Windows Firewall
Sets service image path in registry
Deletes itself
Drops file in System32 directory
Suspicious use of SetThreadContext