General

  • Target

    宝妈做任务单被骗27万聊天记录曝光.rar (filename kept as-is; in English roughly "Stay-at-home mum scammed out of 270,000 doing 'task orders', chat log exposed", a clickbait lure)

  • Size

    623KB

  • Sample

    211205-bednyaeeg7

  • MD5

    3590cd0211742a869177f4641e4172e1

  • SHA1

    67385b620d490aeef09c77f025be8f0628a76717

  • SHA256

    1727f053b510b8de505a6f8ca1f7a7214ca1525e556a600ca890af00eccae81d

  • SHA512

    ce8051450fd9722b135dbe2f6a7acf24165c2f3f3d1180098abeb10711ca088769dbd466dc120c703fc337b364f334c468e3f719dd0a6ce192dc4eab52a7b903

Malware Config

Targets

    • Target

      宝妈做任务单被骗27万聊天记录曝光.com (the executable carried inside the archive above, using a .com extension; filename kept as-is, same English meaning as the archive name)

    • Size

      820KB

    • MD5

      11985a5f1baa69c64d43dd67eee3b95f

    • SHA1

      a579cc38d40fbc39d9d14d4b290cdeec433b0c45

    • SHA256

      8f83e16612f5fd5db6d74da7a9de542becd19a52b3916380235c32adbf50ee7e

    • SHA512

      d40113b6b467d7b3890be76dd34d831e7141171e3253c6d724e9e92b4138dfb93af7bfa336a240e25a333546860dab856b9942c95b4fbfd8ca55dd79696ba2ce

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner. The project itself is legitimate; delivered inside a lure archive and started from a Run key, as here, it is cryptojacking.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified build of it.

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
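
The following is an added example and not part of the sandbox report: a small offline Python triage script that hashes a local file, compares the digests against the values listed above, and parses the PE section table for the stock UPX section names (UPX0/UPX1/UPX2) and the "UPX!" header marker that the "UPX packed file" signature refers to. The toy image produced by build_toy_pe is constructed here purely so the script runs without the real sample; REPORT_IOCS holds only the hashes printed on this page.

```python
"""Offline triage helpers: hash matching against the report's IOCs plus a UPX check."""
import hashlib
import struct
import sys

# Hashes copied from the report above (filename -> algorithm -> hex digest).
REPORT_IOCS = {
    "宝妈做任务单被骗27万聊天记录曝光.rar": {
        "md5": "3590cd0211742a869177f4641e4172e1",
        "sha1": "67385b620d490aeef09c77f025be8f0628a76717",
        "sha256": "1727f053b510b8de505a6f8ca1f7a7214ca1525e556a600ca890af00eccae81d",
    },
    "宝妈做任务单被骗27万聊天记录曝光.com": {
        "md5": "11985a5f1baa69c64d43dd67eee3b95f",
        "sha1": "a579cc38d40fbc39d9d14d4b290cdeec433b0c45",
        "sha256": "8f83e16612f5fd5db6d74da7a9de542becd19a52b3916380235c32adbf50ee7e",
    },
}


def file_hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256/SHA-512 of a byte string, lower-case hex as in the report."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def match_iocs(data: bytes) -> list:
    """Names of report artefacts whose listed digests match this file on any algorithm."""
    have = file_hashes(data)
    return [name for name, known in REPORT_IOCS.items()
            if any(have[alg] == digest.lower() for alg, digest in known.items())]


def pe_section_names(data: bytes) -> list:
    """Section names from the PE section table; ValueError if the input is not a PE."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)      # offset of 'PE\0\0'
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4                                       # IMAGE_FILE_HEADER
    (nsections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)   # SizeOfOptionalHeader
    table = coff + 20 + opt_size                              # section table follows it
    names = []
    for i in range(nsections):
        raw = data[table + 40 * i: table + 40 * i + 8]        # 8-byte Name field
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Stock UPX names its sections UPX0/UPX1(/UPX2) and leaves a 'UPX!' marker in the
    header area. Modified builds often rename the sections, so both checks are kept;
    either is a strong hint, neither is proof."""
    try:
        names = pe_section_names(data)
    except (ValueError, struct.error):
        return False
    return any(n.startswith("UPX") for n in names) or b"UPX!" in data[:0x1000]


def build_toy_pe(section_names) -> bytes:
    """Constructed, headers-only PE32 image for offline testing. Not the real sample."""
    opt_size = 224                                            # IMAGE_OPTIONAL_HEADER32
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))               # e_lfanew: right after DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                     # PE32 magic
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", n.encode("ascii").ljust(8, b"\0"), *([0] * 9))
        for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


def triage(data: bytes) -> dict:
    """One-shot summary a responder would paste into a ticket."""
    return {"hashes": file_hashes(data),
            "report_matches": match_iocs(data),
            "upx_packed": looks_upx_packed(data)}


if __name__ == "__main__":
    # With a path argument: triage that file. Without one: run on the constructed toy PE.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            sample = fh.read()
    else:
        sample = build_toy_pe(["UPX0", "UPX1", ".rsrc"])
    for key, value in triage(sample).items():
        print(f"{key}: {value}")
```

Run it as `python triage.py <file>`; a non-empty report_matches means the file is byte-identical to one of the two artefacts above, while upx_packed only says the binary is worth unpacking (`upx -d` for stock UPX) before static analysis.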

MITRE ATT&CK Matrix (ATT&CK v6; the number after each technique is the count of matched signatures)

Persistence

  • Registry Run Keys / Startup Folder (T1060), 1 signature. T1060 is the v6 ID; from ATT&CK v7 onward this is sub-technique T1547.001.

Defense Evasion

  • Modify Registry (T1112), 1 signature

Discovery

  • Query Registry (T1012), 2 signatures

  • Peripheral Device Discovery (T1120), 1 signature

  • System Information Discovery (T1082), 3 signatures

Tasks