Overview

overview

10

Static

static

15179b743d...95.exe

windows7_x64

10

15179b743d...95.exe

windows10_x64

10

4fa1176e4a...91.exe

windows7_x64

10

4fa1176e4a...91.exe

windows10_x64

10

b51944f544...6a.exe

windows7_x64

10

b51944f544...6a.exe

windows10_x64

10

b91245cf0f...42.exe

windows7_x64

10

b91245cf0f...42.exe

windows10_x64

8

cd2eb403d5...71.exe

windows7_x64

10

cd2eb403d5...71.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4927834914193408.zip

  • Size

    500KB

  • Sample

    211018-ldvaeadcf9

  • MD5

    7a25924f52dec17120b5f9cf478b5788

  • SHA1

    1a88cc67798962463a63a87a0b3c29c3b9f0f173

  • SHA256

    269418090e8be5de1625ff26c789f5be7be2ed5d690328647152ecb4d540f3ab

  • SHA512

    f7925cdba48e39a77f2d27f9c9b35ac7847241ca034b9bd870aec46865b226ad1be6ab3990a51f6a21b5885fdf4b3fb21e00b41cb50cb450c27ade051209e7c6

Score
10/10
xmrigminer

Malware Config

Targets

    • Target

      15179b743d691ce6b078c2a2647269a8dbd4d89f1d15740282969e25c6cce495

    • Size

      363KB

    • MD5

      ba83142843d864461323409a8e66d019

    • SHA1

      324755f66855101d04fc1996c866d94fe9b98fdb

    • SHA256

      15179b743d691ce6b078c2a2647269a8dbd4d89f1d15740282969e25c6cce495

    • SHA512

      83da0efb5f04a9c2f501a7e563fbcbe5e7f72b3dbf5468275c5204d3f082c6b06bff0e65a608b6a33ad988c6c9498abb085c059c25e387609887bf4ee54f371b

    Score
    10/10
    xmrigminer

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Executes dropped EXE

    • Deletes itself

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      4fa1176e4a82538dcb691fb8dbc210429f7b7ac6897ad9ef471f6e90bb29ee91

    • Size

      110KB

    • MD5

      40dfeb7c26a3f4a296964cc4c4a3eee2

    • SHA1

      495b2d5b638bf71f3515f1e5ebf23a6225745479

    • SHA256

      4fa1176e4a82538dcb691fb8dbc210429f7b7ac6897ad9ef471f6e90bb29ee91

    • SHA512

      508efa51ef55a4ed1ce09a24a23a646e5a0dcaa35ad41ca9bb382666d4a2e6ccc1e5d97452491771b709d263602c572abcdbe877c58ad2c1e4da182505d43422

    Score
    10/10
    xmrigminer

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Executes dropped EXE

    • Deletes itself

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral3behavioral4

    • Target

      b51944f54452b85a09eb4ed91f415bed8513faab405244f58e0b48c70d53406a

    • Size

      374KB

    • MD5

      a30ef4d81898a13e5335436ae5b78c54

    • SHA1

      376ba089155e2480bf6ef51c9262da11a45b1181

    • SHA256

      b51944f54452b85a09eb4ed91f415bed8513faab405244f58e0b48c70d53406a

    • SHA512

      833906aef9a2ae3eb014e68321bb97f3e9f687d27a90fdf9eddb6e7ba51425b23370f6f25b3e0ff12bd7076de8cf816a5cf7b6be33a7144b757786182fdfba12

    Score
    10/10
    xmrigminer

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Executes dropped EXE

    • Deletes itself

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral5behavioral6

    • Target

      b91245cf0fafad7150a5bc335335b2342f39bf920eb81ca8d6b890ebae737e42

    • Size

      366KB

    • MD5

      abd24faa60515f22c32a5f03d2473620

    • SHA1

      5e0b8b5c062839c839367f651e9fed8f3171328a

    • SHA256

      b91245cf0fafad7150a5bc335335b2342f39bf920eb81ca8d6b890ebae737e42

    • SHA512

      3306506a865b51b1c25a35d49e1fee5752371b7a917bd6adbb84e94d523e5b536372f6a2ce9dbc064939cf4f9c57fcfdc45bcd839a9d7fcdc6a12618e368ae06

    Score
    10/10
    xmrigminer

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Executes dropped EXE

    • Deletes itself

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral7behavioral8

    • Target

      cd2eb403d51be7281c7166a1a88707d768e547197c853263213da955446dd871

    • Size

      534KB

    • MD5

      ad32f5c567edf16aba5dfedbd527084a

    • SHA1

      9fbf7632af542f4e50b60d849518bb840544f1a6

    • SHA256

      cd2eb403d51be7281c7166a1a88707d768e547197c853263213da955446dd871

    • SHA512

      20900fbd14dd4fb13ea7757fcebaf6cd130be1201f02320e7d70f203eb629eb2b983af121fe4f63719c25565490d140c10ad7ae382d7effca4e6ca9de6d8ef6e

    Score
    10/10
    xmrigminer

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Executes dropped EXE

    • Deletes itself

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral9behavioral10

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

5
T1130

Modify Registry

5
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks