General

  • Target: 5702885550751744.zip
  • Size: 6.9MB
  • Sample: 211209-wjrrkseedn
  • MD5: 56bd9e51b9fbd147cfc44386fe4eb8b8
  • SHA1: 38fb4bdbf1976ac4911c1d8606c3e845f7fcfd5d
  • SHA256: 0e1d157645c2b6516483094c63578c8e049a2dd443be190c5d3d1601d87e35ee
  • SHA512: 1049a3ac0e503e705e8586c7b0b531fc4971d68697f26943cf0e81b8f3b02714f9e54f98c4c4ce2a12008072e00c49ebf2d8b2574818871d87244afb11657398

Score: 9/10

Malware Config

Targets

    • Target: 028a3c4ac5d54628ff50659c08e00c776b66ca92d60e378dbe5d8e742af5840a
    • Size: 9.6MB
    • MD5: b90d8102c92b66276444c0862898b392
    • SHA1: 7548be7467ae40ab855bdd721887bf4c59c7b1c9
    • SHA256: 028a3c4ac5d54628ff50659c08e00c776b66ca92d60e378dbe5d8e742af5840a
    • SHA512: ef30f3f601d093971eb64f7afb20c73b112c4e5275b476fc2b78257757020163c6373a93d6e972c12adce59615e4b10bcd0d8d713826119d9112eb1bee42b9fb

    Score: 9/10

    Signatures:

    • Detected Stratum cryptominer command
      Looks to be attempting to contact a Stratum mining pool.
    • Executes dropped EXE
    • UPX packed file
      Detects executables packed with the UPX or a modified UPX open-source packer.
    • Loads dropped DLL
    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v6)

    Tactic                | Technique                             | Count | ID
    ----------------------|---------------------------------------|-------|------
    Execution             | Scheduled Task                        | 1     | T1053
    Execution             | Command-Line Interface                | 1     | T1059
    Persistence           | Registry Run Keys / Startup Folder    | 1     | T1060
    Persistence           | Scheduled Task                        | 1     | T1053
    Privilege Escalation  | Scheduled Task                        | 1     | T1053
    Defense Evasion       | Modify Registry                       | 1     | T1112
    Discovery             | Query Registry                        | 1     | T1012
    Discovery             | System Information Discovery          | 2     | T1082

Tasks