General

  • Target

    e2cd8fd988a9a08f4bd73d7343ae54e68ee2a0a4728277792115edc86900e899

  • Size

    6.8MB

  • Sample

    220124-dkngfaagg6

  • MD5

    6512121c74cff138e74b8de7fc109c44

  • SHA1

    c52198f82d56a48544e66fc68a18749b839dde41

  • SHA256

    e2cd8fd988a9a08f4bd73d7343ae54e68ee2a0a4728277792115edc86900e899

  • SHA512

    3430619eeecb2fbd83ae7724855c8e6112a80adc491cd306dc8f2b1854adbbdafbfc8e3ce30ddae9c7a71f6382ce4aa006ea88e0a8c02be03f1aaf48cca3aa82

Targets

    • StrongPity

      StrongPity is spyware developed by the PROMETHIUM APT group, mainly used in government-sponsored attacks.

    • StrongPity Spyware

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Loads dropped DLL

    • Checks for any installed AV software in registry

    • Drops file in System32 directory
