General
- Target: 97d5cb72674f0341389623a8f9c3882384426934b35b61b3200202fca3c6b919
- Size: 154KB
- Sample: 210926-xhdc8sfbdp
- MD5: 51f7971fc5cc36e55585bae323640fe1
- SHA1: fe0eefd15974b53145898fe83b6787e48d4da8fb
- SHA256: 97d5cb72674f0341389623a8f9c3882384426934b35b61b3200202fca3c6b919
- SHA512: 664a04359b37e70d2230fffd6682271c3e48626227ad3ad5086ab6916ebba5e880de0c60a5ade47ed22c1a831a44c6a4a5d0211ee365fb522ac378d05c82e9c7
Static task: static1
Malware Config
Targets
- Target: 97d5cb72674f0341389623a8f9c3882384426934b35b61b3200202fca3c6b919
- Size: 154KB
- MD5: 51f7971fc5cc36e55585bae323640fe1
- SHA1: fe0eefd15974b53145898fe83b6787e48d4da8fb
- SHA256: 97d5cb72674f0341389623a8f9c3882384426934b35b61b3200202fca3c6b919
- SHA512: 664a04359b37e70d2230fffd6682271c3e48626227ad3ad5086ab6916ebba5e880de0c60a5ade47ed22c1a831a44c6a4a5d0211ee365fb522ac378d05c82e9c7
- suricata: ET MALWARE DNS Query Sinkhole Domain Various Families (Possible Infected Host)
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext