Overview

overview

10

Static

static

new.bin.exe

windows7_x64

10

new.bin.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    new.bin

  • Size

    72KB

  • Sample

    211013-1tjk6sfcf6

  • MD5

    6deabdc275d23d129f6270391e859546

  • SHA1

    fcc963bc185177d5ac29026402207ab913ec5782

  • SHA256

    122a9255be691a812552f2a8c57860e9355082d9cd376634dc575e235f90e118

  • SHA512

    f103c3149e2e35c1088cf9eaa9cb28ea46d67ba239ec0ce3fdaac2d46e066a4f85bd6ce96994a678e8c13af45ab1903e4b6bfaaee732c2c3295ed0cba57c2790

Score
10/10
xmrigevasionminerpersistencetrojanupx

Malware Config

Targets

    • Target

      new.bin

    • Size

      72KB

    • MD5

      6deabdc275d23d129f6270391e859546

    • SHA1

      fcc963bc185177d5ac29026402207ab913ec5782

    • SHA256

      122a9255be691a812552f2a8c57860e9355082d9cd376634dc575e235f90e118

    • SHA512

      f103c3149e2e35c1088cf9eaa9cb28ea46d67ba239ec0ce3fdaac2d46e066a4f85bd6ce96994a678e8c13af45ab1903e4b6bfaaee732c2c3295ed0cba57c2790

    Score
    10/10
    xmrigevasionminerpersistencetrojanupx

    • Windows security bypass

      evasiontrojan

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner Payload

      miner

    • Downloads MZ/PE file

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Registry Run Keys / Startup Folder

1
T1060

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Disabling Security Tools

2
T1089

Modify Registry

3
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks