General
-
Target
ReanimatorStart.exe
-
Size
34.7MB
-
Sample
211018-k4y6lsebgj
-
MD5
1bd6eb351472b421365999b9a4cb32b0
-
SHA1
8d37b3629ac0571b5ca83c9a298eb52e13c1f70a
-
SHA256
67f4bbfec24361fe4894094571feace68cf4282b080276c835363d8bd11a6672
-
SHA512
01d468943245799a03f2faa3f49a674fca57467f6c44458e9ace7fe71d7a30904cc8bd157446f86ef591b77aa70e30ec8a5247f72ebf7dd60ede33d5ae80b8dc
Malware Config
Targets
-
-
Target
ReanimatorStart.exe
-
Size
34.7MB
-
MD5
1bd6eb351472b421365999b9a4cb32b0
-
SHA1
8d37b3629ac0571b5ca83c9a298eb52e13c1f70a
-
SHA256
67f4bbfec24361fe4894094571feace68cf4282b080276c835363d8bd11a6672
-
SHA512
01d468943245799a03f2faa3f49a674fca57467f6c44458e9ace7fe71d7a30904cc8bd157446f86ef591b77aa70e30ec8a5247f72ebf7dd60ede33d5ae80b8dc
Score10/10-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
Executes dropped EXE
-
Modifies Shared Task Scheduler registry keys
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Installs/modifies Browser Helper Object
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Drops file in System32 directory
-