General
- Target: sqlservr.exe.7z
- Size: 3MB
- Sample: 211203-vfgxjahafr
- MD5: 0923d82afd72038a03dda84170b793bb
- SHA1: 2ac02a4b0e0dc807e8e3328934d5007002b12514
- SHA256: 3f5c16db3f1a5bb724288688d15038da32f1b89cbd662fddc9def8b8da2a84c1
- SHA512: 515238347da2af77d82b4ac4be420d6c89b25dc836c3e13cdb02aee45380df374363bfd182aa84a26fac835ae7eb2241a4b2798b236b2e09721a7af55bcc1ff4
Static task: static1
Malware Config
Targets
- Target: sqlservr.exe.7z
- Registers COM server for autorun
- XMRig Miner Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Sets file execution options in registry
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger