Overview

overview

10

Static

static

1

057828dc4c...b7.exe

windows7_x64

8

057828dc4c...b7.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    057828dc4c06811b445afb5cf74f8eb7.exe

  • Size

    89KB

  • Sample

    211209-y5klhadgh8

  • MD5

    057828dc4c06811b445afb5cf74f8eb7

  • SHA1

    2a6fe6546989944a96bba70564731bc303f1c09d

  • SHA256

    86110204de85542d07e73eac81280f23e34480a56d2e085e6376f520b09ef6a0

  • SHA512

    a056c36f877fb905d5908e177f62692b0b4915914fd923569888327dec13947cc1930325235123dbd622794649bd2c4a6b07f2b11c5b9eb37dff3945b020270d

Score
10/10
xmrigminerpersistence

Malware Config

Targets

    • Target

      057828dc4c06811b445afb5cf74f8eb7.exe

    • Size

      89KB

    • MD5

      057828dc4c06811b445afb5cf74f8eb7

    • SHA1

      2a6fe6546989944a96bba70564731bc303f1c09d

    • SHA256

      86110204de85542d07e73eac81280f23e34480a56d2e085e6376f520b09ef6a0

    • SHA512

      a056c36f877fb905d5908e177f62692b0b4915914fd923569888327dec13947cc1930325235123dbd622794649bd2c4a6b07f2b11c5b9eb37dff3945b020270d

    Score
    10/10
    persistencexmrigminer

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks