General

  • Target

    3e6600c56768aab0750cad731a152c0d

  • Size

    167KB

  • Sample

    210726-y7j5nxcdq6

  • MD5

    3e6600c56768aab0750cad731a152c0d

  • SHA1

    9b6c620ab87bc63cf597be00ec37a7192791f679

  • SHA256

    f719282ac5833fe573f4ac8221fb4214828855f4f05bc11ffbc73f6c019125a9

  • SHA512

    9bf64a2e8487e5335979d70147ecd022f43570b9e5a5e90f4ca3fca8eeb4ce833441905403ca6aed93923defe80975b6575e1974fc554022a6e7645ee727b74e

Score
10/10

Malware Config

Targets

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner Payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  • Execution: Scheduled Task (T1053): 1

  • Persistence: Scheduled Task (T1053): 1

  • Privilege Escalation: Scheduled Task (T1053): 1

  • Defense Evasion: Install Root Certificate (T1130): 1; Modify Registry (T1112): 1

  • Discovery: System Information Discovery (T1082): 1

  • Command and Control: Web Service (T1102): 1

Tasks