Overview

overview

10

Static

static

e80c9491a6...b4.exe

windows7_x64

10

e80c9491a6...b4.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e80c9491a679eec91b58c5a8cc20e1b4

  • Size

    167KB

  • Sample

    210715-kp67kq1csj

  • MD5

    e80c9491a679eec91b58c5a8cc20e1b4

  • SHA1

    a365aa7c60357c693b1493eb0f13f112525e1e1f

  • SHA256

    7c88f9d38fcb9dd17d733e65a8ebee46d6b74700a02ba5a4614b7b6002d5ef0c

  • SHA512

    244e408fb35e632f442ab0ce825310dae95b661d5e238ff64639149f2cc775807a0f361eba0a251e6fe6b8de8b500ff9a7947c57c1645f2320d442102a73d16c

Score
10/10
xmrigminer

Malware Config

Targets

    • Target

      e80c9491a679eec91b58c5a8cc20e1b4

    • Size

      167KB

    • MD5

      e80c9491a679eec91b58c5a8cc20e1b4

    • SHA1

      a365aa7c60357c693b1493eb0f13f112525e1e1f

    • SHA256

      7c88f9d38fcb9dd17d733e65a8ebee46d6b74700a02ba5a4614b7b6002d5ef0c

    • SHA512

      244e408fb35e632f442ab0ce825310dae95b661d5e238ff64639149f2cc775807a0f361eba0a251e6fe6b8de8b500ff9a7947c57c1645f2320d442102a73d16c

    Score
    10/10
    xmrigminer

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner Payload

      miner

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks