General

  • Target

    529831a3e5b7b61f74f7a426e828210017daf1eea2cbf7cf997c13d82822aef8

  • Size

    4.2MB

  • Sample

    220504-pxn5aadgb7

  • MD5

    8268ff95b3aaea6d6de8f02a73c323d2

  • SHA1

    ae470145c4f5780315b52aa1c57ae0c04a2d18ca

  • SHA256

    529831a3e5b7b61f74f7a426e828210017daf1eea2cbf7cf997c13d82822aef8

  • SHA512

    9603dde1bfd9874637e63a268a7c8f85032892b4e58d3f96678dfbb52b453a972e00cd49077574e58726d3c5045788ede5a9b81c89a464342d5b64070c7325c0

Malware Config

Targets

    • Target

      529831a3e5b7b61f74f7a426e828210017daf1eea2cbf7cf997c13d82822aef8

    • Size

      4.2MB

    • MD5

      8268ff95b3aaea6d6de8f02a73c323d2

    • SHA1

      ae470145c4f5780315b52aa1c57ae0c04a2d18ca

    • SHA256

      529831a3e5b7b61f74f7a426e828210017daf1eea2cbf7cf997c13d82822aef8

    • SHA512

      9603dde1bfd9874637e63a268a7c8f85032892b4e58d3f96678dfbb52b453a972e00cd49077574e58726d3c5045788ede5a9b81c89a464342d5b64070c7325c0

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • XMRig Miner Payload

    • Executes dropped EXE

    • Possible privilege escalation attempt

    • Stops running service(s)

    • Modifies file permissions

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Execution

Scheduled Task

1
T1053

Persistence

Modify Existing Service

1
T1031

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Impair Defenses

1
T1562

File Permissions Modification

1
T1222

Impact

Service Stop

1
T1489

Tasks