Overview

overview

10

Static

static

HackSuitev2Lite.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    HackSuitev2Lite.rar

  • Size

    120KB

  • Sample

    210726-sf4xag2zl6

  • MD5

    aa183f2fabda8adc1f0f89d9bdd0c57a

  • SHA1

    5a8644fead1cb3a22a447ea49bac125887b7a4cb

  • SHA256

    a8a3bfb37db841cacd7c315f03103e0c858cc2e8abf6a73f4d3bbaeed1a98b93

  • SHA512

    13ce1457535073cc1f2e32fe9be4aae9ea82b094e0c4f2686646459f15c284bc4512965a267cb393fbf97e23f2d07b3a86282571cb359d36a82fbe5ac64ba33e

Score
10/10
xmrigminer

Malware Config

Targets

    • Target

      HackSuitev2Lite.exe

    • Size

      124KB

    • MD5

      e6d4f94c1ed2989dd2ef52daf6ab9334

    • SHA1

      237d1643c44d8759036e61256d7cc7355c814915

    • SHA256

      e00004a583d1fe4816b9d0049f3bf3d5cdedd65e9ed50c5ee34f0bdfe0dac4d2

    • SHA512

      f7d7fbd9c8c2a357c7b119f9a5d541de8c1704923e1b20aacd4f5f79db8c9f554dfe606dfee5f1d6f5dd460a59e69d68632c08ea7917c5ad2881875cd46120b7

    Score
    10/10
    xmrigminer

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner Payload

      miner

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks