Overview

overview

10

Static

static

1

Software u....0.exe

windows7_x64

10

Software u....0.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Software updated v2.6.0.exe

  • Size

    256KB

  • Sample

    210719-wdl38yk3gx

  • MD5

    18d05e20731583a22b495d0d1f107c5b

  • SHA1

    2ced0e3577063ca3613b43661e7df5bc1411ab09

  • SHA256

    b1c5fd5c0f6a2760eb638414d9bf9b7536b81f45edbd9d509dd085346c67a6ae

  • SHA512

    36e73454b0d74088fb39dbec77c45c4106908dc80efc6a0ac8247a538345b4224f3f5e0cf6b39cf8c1687ddcee58ac2e6f24b735c9b9e277c7d064fd82e7a65a

Score
10/10
xmrigminer

Malware Config

Targets

    • Target

      Software updated v2.6.0.exe

    • Size

      256KB

    • MD5

      18d05e20731583a22b495d0d1f107c5b

    • SHA1

      2ced0e3577063ca3613b43661e7df5bc1411ab09

    • SHA256

      b1c5fd5c0f6a2760eb638414d9bf9b7536b81f45edbd9d509dd085346c67a6ae

    • SHA512

      36e73454b0d74088fb39dbec77c45c4106908dc80efc6a0ac8247a538345b4224f3f5e0cf6b39cf8c1687ddcee58ac2e6f24b735c9b9e277c7d064fd82e7a65a

    Score
    10/10
    xmrigminer

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner Payload

      miner

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks