General

  • Target

    主管透露公开利用彩金充值赠送话术.7z

  • Size

    616KB

  • Sample

    211205-bdevlseeg4

  • MD5

    e31775fa249d465f847eaf509b80e9e5

  • SHA1

    d7abd66ce84f18254fdad3b4dd7606bb86374940

  • SHA256

    8fd8c53c6f6fcdacbee5f8a320a0d46e6defad7fa6f2ff34b0e283c2ed1249b3

  • SHA512

    c1ac650087873fba35d192f364d568153c05c26e4d786af5ed16f77e926c9b4c85a956b6a9cc84ec982930efc8b47af03ada148a7335ad3c3b1fa5ff0ee639c1

Malware Config

Targets

    • Target

      ????????????????.com

    • Size

      820KB

    • MD5

      11985a5f1baa69c64d43dd67eee3b95f

    • SHA1

      a579cc38d40fbc39d9d14d4b290cdeec433b0c45

    • SHA256

      8f83e16612f5fd5db6d74da7a9de542becd19a52b3916380235c32adbf50ee7e

    • SHA512

      d40113b6b467d7b3890be76dd34d831e7141171e3253c6d724e9e92b4138dfb93af7bfa336a240e25a333546860dab856b9942c95b4fbfd8ca55dd79696ba2ce

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 1

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2
    Peripheral Device Discovery (T1120): 1
    System Information Discovery (T1082): 3

Tasks