Overview

overview

10

Static

static

8

Gerador De...PB.exe

windows7_x64

10

Gerador De...PB.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Gerador De Cash 2020 PB.exe

  • Size

    562KB

  • Sample

    210719-6b66jtg8ke

  • MD5

    02d37ed4bc3422b573fce8265a434d1b

  • SHA1

    57c2ff77566afcfbf5d75c5912a22a19656afa29

  • SHA256

    571a708504cf085b54eaed702a6c95b3189426dc20c78e42a3f1e1096d6bf044

  • SHA512

    cb33ce0df6ce4dcc093f821e08cbd4307540c03cf239e89934e267457705d8ae911004d411555ff95189413f93f9b09105f800e86a74d3bf9e06462133651cc1

Score
10/10
cybergatexmrigminerpersistencestealertrojanupx

Malware Config

Targets

    • Target

      Gerador De Cash 2020 PB.exe

    • Size

      562KB

    • MD5

      02d37ed4bc3422b573fce8265a434d1b

    • SHA1

      57c2ff77566afcfbf5d75c5912a22a19656afa29

    • SHA256

      571a708504cf085b54eaed702a6c95b3189426dc20c78e42a3f1e1096d6bf044

    • SHA512

      cb33ce0df6ce4dcc093f821e08cbd4307540c03cf239e89934e267457705d8ae911004d411555ff95189413f93f9b09105f800e86a74d3bf9e06462133651cc1

    Score
    10/10
    cybergatexmrigminerpersistencestealertrojanupx

    • CyberGate, Rebhip

      CyberGate is a lightweight remote administration tool with a wide array of functionalities.

      trojanstealercybergate

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Adds policy Run key to start application

      persistence

    • Executes dropped EXE

    • Modifies Installed Components in the registry

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

3
T1060

Privilege Escalation

Defense Evasion

Modify Registry

3
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks