Overview

overview

10

Static

static

1

Software u....1.exe

windows7_x64

10

Software u....1.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Software updated v2.5.1.rar

  • Size

    127KB

  • Sample

    210717-a5882wjvca

  • MD5

    829a786929f96ab2ecfc5b321f8edf66

  • SHA1

    2f772ee55dafeaf3d420e0c30bac1e50a8a14862

  • SHA256

    60cc0c28611a4e7c41c68f31e82e9e39854fb944a813ea397b466c0e0c5028ea

  • SHA512

    62be5027a513d9e361b0d23045da8bad17ed84b87327c3566570f12a893bb603de187eb130d437a8981b2efacc9b8a1b023cce8f9cd097b2c0e1fbe5906e464a

Score
10/10
xmrigminer

Malware Config

Targets

    • Target

      Software updated v2.5.1.exe

    • Size

      239KB

    • MD5

      e2aae986a720ccf6e5daba1ce4e9856c

    • SHA1

      2fe4fee5bebf4f2edf8163a976dee67d7b811bc7

    • SHA256

      1a6b940931599ed986c41e9eccd550061a7f43624c91e5fbc41360508a27d07b

    • SHA512

      10046f18e6fc175503b2621a3178ae21a7117dd3febc78c78aaf2bd54ced9cb6fda2c0385db9f5fbe5d8cbbe4d8c5b15a5d8456a3a1a1024c598237df6dd3c2f

    Score
    10/10
    xmrigminer

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner Payload

      miner

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks