Overview

overview

10

Static

static

cab63b0601...85.exe

windows7_x64

10

cab63b0601...85.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cab63b06017beec8efd11d7f03ca5a85

  • Size

    99KB

  • Sample

    210727-996eeftry6

  • MD5

    cab63b06017beec8efd11d7f03ca5a85

  • SHA1

    4f252e828d51bfe8cf1322e6c18656a8a9b359e2

  • SHA256

    cc6611635ca61701a1aa303698270f8e6d8de4f6fc5e6b3a11c5fa9cb1621972

  • SHA512

    9011b9bed98b8474f59e78966d5c31d36348afb256cc3d0a8406beb8038c03cb4d44b72e2fa4fb6868c8242909d71fcbfdcd359f727b9962293240c563da80e4

Score
10/10
xmrigminer

Malware Config

Targets

    • Target

      cab63b06017beec8efd11d7f03ca5a85

    • Size

      99KB

    • MD5

      cab63b06017beec8efd11d7f03ca5a85

    • SHA1

      4f252e828d51bfe8cf1322e6c18656a8a9b359e2

    • SHA256

      cc6611635ca61701a1aa303698270f8e6d8de4f6fc5e6b3a11c5fa9cb1621972

    • SHA512

      9011b9bed98b8474f59e78966d5c31d36348afb256cc3d0a8406beb8038c03cb4d44b72e2fa4fb6868c8242909d71fcbfdcd359f727b9962293240c563da80e4

    Score
    10/10
    xmrigminer

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner Payload

      miner

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks