General
Target: 31ac877d8c2c2a897eaff36b17d755466b8612ad2661510dd6b0d9484a2b1f6f
Size: 11.8MB
Sample: 220214-f7gnhsfcg7
MD5: b3e7aa693426736a592f3c9285f4d43f
SHA1: ed1db0ceffef65fb93a0a7863dee7f3a0d5506d0
SHA256: 31ac877d8c2c2a897eaff36b17d755466b8612ad2661510dd6b0d9484a2b1f6f
SHA512: 70a0434385a9dd336dcaf84a10716a8366d808cc5483401da054ad4ba017debf8e430a3803980167aedea9bc33322bcddb58fcaa2bd25e3eca15da5e12a2ed9d
Static task: static1
Behavioral task: behavioral1
Sample: 31ac877d8c2c2a897eaff36b17d755466b8612ad2661510dd6b0d9484a2b1f6f.exe
Resource: win7-en-20211208
Malware Config
Extracted: https://pastebin.com/raw/gC5dfjh9
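The URL above is the kind of value a config extractor recovers from the sample's embedded strings. The following is an added example, not code from the sandbox or from the report: it scans a byte blob for URLs in both ASCII and UTF-16LE (Windows binaries frequently store strings as wide characters) and flags those on paste/hosting services that are commonly abused as dead-drop resolvers. The input bytes, the example.invalid URL and the host list are constructed for illustration; the pastebin URL is the one this report lists.

```python
"""Added example: recover hosted-config URLs from a binary's strings.

This is illustration code, not the sandbox's extractor. SAMPLE_BYTES is a
constructed stand-in for the executable, not the real file's contents.
"""
import re
from urllib.parse import urlparse

# Constructed stand-in for the sample: the report's URL stored once as ASCII
# and once as UTF-16LE, plus an unrelated URL that should not be flagged.
SAMPLE_BYTES = (
    b"MZ\x90\x00" + b"\x00" * 32
    + b"https://pastebin.com/raw/gC5dfjh9\x00"
    + b"\x00" * 16
    + "https://pastebin.com/raw/gC5dfjh9".encode("utf-16-le") + b"\x00\x00"
    + b"\x00" * 8
    + b"http://example.invalid/update.php\x00"
)

# Narrow (ASCII) and wide (UTF-16LE: every character followed by a NUL byte) URL patterns.
_ASCII_URL = re.compile(rb"https?://[A-Za-z0-9.\-_/?=&%+]+")
_WIDE_URL = re.compile(
    rb"h\x00t\x00t\x00p\x00(?:s\x00)?:\x00/\x00/\x00(?:[A-Za-z0-9.\-_/?=&%+]\x00)+"
)

# Assumption: a small list of paste/hosting services often abused for C2 or
# payload hosting. Extend it to taste; it is not the sandbox's list.
PASTE_HOSTS = {"pastebin.com", "paste.ee", "hastebin.com", "ghostbin.com", "rentry.co"}


def extract_urls(data: bytes) -> list:
    """Return unique URLs found as ASCII or UTF-16LE strings, in first-seen order."""
    found = [m.group(0).decode("ascii") for m in _ASCII_URL.finditer(data)]
    found += [m.group(0).decode("utf-16-le") for m in _WIDE_URL.finditer(data)]
    seen, out = set(), []
    for url in found:
        if url not in seen:
            seen.add(url)
            out.append(url)
    return out


def hosting_abuse(urls) -> list:
    """Keep only URLs whose host is a known paste/hosting service."""
    hits = []
    for url in urls:
        host = (urlparse(url).hostname or "").lower()
        if host in PASTE_HOSTS:
            hits.append(url)
    return hits


def extract_config(data: bytes) -> dict:
    """Minimal 'malware config' view: every URL plus the hosting-abuse subset."""
    urls = extract_urls(data)
    return {"urls": urls, "hosting_abuse": hosting_abuse(urls)}


if __name__ == "__main__":
    for key, value in extract_config(SAMPLE_BYTES).items():
        print(f"{key}: {value}")
```

Equivalent first-pass triage from a shell is `strings -a` for narrow strings and `strings -el` for wide ones, piped through a URL grep; the value of doing it in code is that the wide copy is deduplicated against the narrow one and the hosting-service filter yields the list worth pivoting on. Resolve the raw paste only from an isolated analysis host: its content is attacker-controlled and may have changed since the sandbox run.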
Targets
Target: 31ac877d8c2c2a897eaff36b17d755466b8612ad2661510dd6b0d9484a2b1f6f
Size: 11.8MB
MD5: b3e7aa693426736a592f3c9285f4d43f
SHA1: ed1db0ceffef65fb93a0a7863dee7f3a0d5506d0
SHA256: 31ac877d8c2c2a897eaff36b17d755466b8612ad2661510dd6b0d9484a2b1f6f
SHA512: 70a0434385a9dd336dcaf84a10716a8366d808cc5483401da054ad4ba017debf8e430a3803980167aedea9bc33322bcddb58fcaa2bd25e3eca15da5e12a2ed9d
Signatures
- XMRig Miner Payload
- Blocklisted process makes network request
- Executes dropped EXE
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
  Consistent with the pastebin raw URL recovered under Malware Config.
- Suspicious use of SetThreadContext
  SetThreadContext on another process's thread is a common step in process hollowing and other code injection.
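The signature names above are the sandbox's verdicts; a responder usually wants to re-derive them from endpoint telemetry so the same logic can be run against hosts that were never sandboxed. The following is an added example, not code from the sandbox or from this report: it evaluates each signature listed above over a constructed, sandbox-style behaviour log. The events, paths and PIDs are made up for illustration; the LOLBin blocklist, the paste-host list, the miner string markers and the registry value assumed for the location check (`Control Panel\International\Geo\Nation`) are assumptions, not facts taken from the report.

```python
"""Added example: evaluate the report's behavioural signatures over a log.

Illustration code, not the sandbox's rule engine. EVENTS is a constructed
behaviour trace, not the real trace recorded for this sample.
"""
from __future__ import annotations
import re

SAMPLE = r"C:\Users\user\Desktop\31ac877d8c2c2a897eaff36b17d755466b8612ad2661510dd6b0d9484a2b1f6f.exe"
DROPPED = r"C:\Users\user\AppData\Roaming\WinUpdate\svchost.exe"       # constructed path
DROPPED_DLL = r"C:\Users\user\AppData\Roaming\WinUpdate\libcrypto.dll"  # constructed path
PWSH = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Constructed sandbox-style behaviour log. 'kind' names are this example's own.
EVENTS = [
    {"kind": "file_create", "image": SAMPLE, "path": DROPPED,
     "content": b"MZ...stratum+tcp://pool.example:3333...xmrig..."},
    {"kind": "file_create", "image": SAMPLE, "path": DROPPED_DLL, "content": b"MZ"},
    {"kind": "file_create", "image": SAMPLE, "content": b"L\x00\x00\x00",
     "path": r"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.lnk"},
    {"kind": "reg_query", "image": SAMPLE, "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"kind": "reg_set", "image": SAMPLE, "value": DROPPED,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\WinUpdate"},
    {"kind": "process_create", "image": DROPPED, "parent": SAMPLE, "pid": 2001},
    {"kind": "image_load", "image": DROPPED, "path": DROPPED_DLL},
    {"kind": "dns", "image": DROPPED, "query": "pastebin.com"},
    {"kind": "process_create", "image": PWSH, "parent": DROPPED, "pid": 2002},
    {"kind": "connect", "image": PWSH, "host": "pastebin.com", "port": 443},
    {"kind": "api", "image": DROPPED, "pid": 2001, "api": "SetThreadContext", "target_pid": 2003},
]

SIGNATURES = (
    "XMRig Miner Payload",
    "Blocklisted process makes network request",
    "Executes dropped EXE",
    "Checks computer location settings",
    "Drops startup file",
    "Loads dropped DLL",
    "Adds Run key to start application",
    "Legitimate hosting services abused for malware hosting/C2",
    "Suspicious use of SetThreadContext",
)

# Assumptions (not from the report): strings typical of XMRig builds/configs,
# a LOLBin blocklist, abused paste hosts, and the registry value read for a geofence.
MINER_MARKERS = (b"xmrig", b"stratum+tcp://", b"stratum+ssl://", b"cryptonight")
LOLBIN_BLOCKLIST = {"powershell.exe", "mshta.exe", "regsvr32.exe", "rundll32.exe",
                    "wscript.exe", "cscript.exe", "certutil.exe", "bitsadmin.exe"}
PASTE_HOSTS = {"pastebin.com", "paste.ee", "hastebin.com", "rentry.co"}
RUN_KEY_RE = re.compile(r"\\software\\microsoft\\windows\\currentversion\\run(once)?\\", re.I)
STARTUP_RE = re.compile(r"\\start menu\\programs\\startup\\", re.I)
GEO_KEY_RE = re.compile(r"\\control panel\\international\\geo\\nation$", re.I)


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def evaluate(events: list[dict]) -> dict[str, bool]:
    """Return {signature name: fired?} for the given behaviour log."""
    dropped = {e["path"].lower() for e in events if e["kind"] == "file_create"}
    hits = {name: False for name in SIGNATURES}
    for e in events:
        k = e["kind"]
        if k == "file_create":
            if any(m in e.get("content", b"").lower() for m in MINER_MARKERS):
                hits["XMRig Miner Payload"] = True
            if STARTUP_RE.search(e["path"]):
                hits["Drops startup file"] = True
        elif k == "process_create" and e["image"].lower() in dropped:
            hits["Executes dropped EXE"] = True
        elif k == "image_load" and e["path"].lower() in dropped:
            hits["Loads dropped DLL"] = True
        elif k == "reg_set" and RUN_KEY_RE.search(e["key"]):
            hits["Adds Run key to start application"] = True
        elif k == "reg_query" and GEO_KEY_RE.search(e["key"]):
            hits["Checks computer location settings"] = True
        elif k in ("dns", "connect"):
            host = (e.get("query") or e.get("host") or "").lower()
            if host in PASTE_HOSTS:
                hits["Legitimate hosting services abused for malware hosting/C2"] = True
            if _basename(e["image"]) in LOLBIN_BLOCKLIST:
                hits["Blocklisted process makes network request"] = True
        elif k == "api" and e["api"] == "SetThreadContext" and e.get("target_pid") != e.get("pid"):
            # Only cross-process use is interesting; a process may legitimately set its own thread context.
            hits["Suspicious use of SetThreadContext"] = True
    return hits


if __name__ == "__main__":
    for name, fired in evaluate(EVENTS).items():
        print(f"[{'x' if fired else ' '}] {name}")
```

Two caveats carry over from the report itself. A read of the Geo\Nation value is only "likely" a geofence; confirm it by re-running the sample with a different locale and checking whether it exits early. And "dropped" here means any file the trace saw the sample create, so a file-create event must precede the execute/load event for those two rules to fire; on real telemetry where file creation was not captured (for instance an exclusion on the user profile) both rules silently stay false.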