General
Target: a00eadb0f2e3f60cbb65a83524faf46c
Size: 2.3MB
Sample: 220422-m8j9csgdhq
MD5: a00eadb0f2e3f60cbb65a83524faf46c
SHA1: 4b05ee08ecff3dc1b8a2b82b1fa208642616a00f
SHA256: d28e9540401428e9fbcfe7a34b5dd21768c1208c0a8466d06e25d3dce12da1ab
SHA512: 58b07c32ad33f497cd287c3a05850c88106407d40679320688f289d25352ec73081fbb044a2ad191bc9955a1e9893cd34b23a3e4875c96876fff64b869fdfaf1
Static task: static1
Behavioral task: behavioral1
Sample: Cleaner.exe
Resource: win7-20220414-en
Malware Config
Targets
Target: Cleaner.exe
Size: 2.3MB
MD5: 20e46ebb79a42cf493dd3ad6129ba5ee
SHA1: 84adc64bf4f3e7d886d6502292b23d57d26f8272
SHA256: 28432c6b761d9a0d6d3a80cbeda9b6f745cf55b5a2c234737afe493d1ff11158
SHA512: 4944f8a8f3eeb4321f59e295946724aab209ea42189a754334d0e10b88a8a5fe0842ec1e05f54fba874808305d9f11c8495fe776800dc8dd750389194ab3d7c8
Modifies security service
XMRig Miner Payload
Executes dropped EXE
Possible privilege escalation attempt
Stops running service(s)
Deletes itself
Loads dropped DLL
Modifies file permissions
Drops file in System32 directory
Suspicious use of SetThreadContext