General
-
Target
c671c024595fbae1bcb523930b41952a.bin
-
Size
6.7MB
-
Sample
220513-fndshsfedp
-
MD5
c671c024595fbae1bcb523930b41952a
-
SHA1
af16bda06ebf490087aac1e444e25017e180c7d4
-
SHA256
39b66a47affa0edde59d74760fc17de28c0d3cbabe7469d382a721ea91b5c123
-
SHA512
fb1d9e0488eb247c54b86a0fbb7f1929d6ead0de3502d44e5db701aff3b3df0d7b312939e02bb89790006ea4337dc63b973ce5a2971e132a4188d003ddc95a3b
Static task
static1
Behavioral task
behavioral1
Sample
c671c024595fbae1bcb523930b41952a.exe
Resource
win7-20220414-en
Malware Config
Extracted
http://45.81.224.130/any.exe
Extracted
http://45.81.224.130/curl.exe
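Offline approximation of what the Suricata alert further down this report keys on, added here as an example; it is not the ET rule text and not sandbox tooling. Only the two http://45.81.224.130/ URLs come from the report; the other log lines, the 1-8 character "terse" threshold and the bare-IP heuristic are assumptions.

```python
"""Flag HTTP downloads that look like a terse alphanumeric executable fetch.

Added example: an approximation of the pattern the 'Terse alphanumeric
executable downloader' signature targets, written for offline use. Only the two
45.81.224.130 URLs are from the report; every other line below is constructed.
"""
import re
from urllib.parse import urlsplit

# Assumption: a "terse" name is 1-8 alphanumeric characters plus .exe, sitting
# directly under the site root with no directory component.
TERSE_EXE = re.compile(r"^/[A-Za-z0-9]{1,8}\.exe$")
BARE_IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

# Constructed proxy log lines: "<client> <method> <url>"
SAMPLE_LOG = """\
10.0.0.5 GET http://45.81.224.130/any.exe
10.0.0.5 GET http://45.81.224.130/curl.exe
10.0.0.7 GET https://download.example.com/installer/setup-1.2.3.exe
10.0.0.7 GET http://45.81.224.130/static/app.js
10.0.0.9 POST http://45.81.224.130/upload.exe
"""


def score_url(method, url):
    """Return the reasons a single request looks like a terse-downloader fetch."""
    reasons = []
    if method.upper() != "GET":
        return reasons
    parts = urlsplit(url)
    # The IDS only sees the URI on plaintext HTTP; TLS hides it, like the
    # alert in this report, which fired on plain http:// fetches.
    if parts.scheme != "http":
        return reasons
    if TERSE_EXE.match(parts.path):
        reasons.append("terse alphanumeric .exe at site root")
    if BARE_IPV4.match(parts.hostname or ""):
        reasons.append("bare IPv4 host, no domain")
    return reasons


def find_suspicious_downloads(log_text):
    """Parse the constructed log and return (url, reasons) for each hit."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue
        _client, method, url = fields
        reasons = score_url(method, url)
        # The terse-name match is the trigger; the bare-IP host only adds weight.
        if "terse alphanumeric .exe at site root" in reasons:
            hits.append((url, reasons))
    return hits


if __name__ == "__main__":
    for url, reasons in find_suspicious_downloads(SAMPLE_LOG):
        print(url, "->", "; ".join(reasons))
```

Run against a real proxy or Zeek http.log after adapting the three-field parser; the two URLs from this report are flagged on both counts, the versioned installer path under a real domain is not.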
Targets
-
Target
c671c024595fbae1bcb523930b41952a.bin
-
Size
6.7MB
-
MD5
c671c024595fbae1bcb523930b41952a
-
SHA1
af16bda06ebf490087aac1e444e25017e180c7d4
-
SHA256
39b66a47affa0edde59d74760fc17de28c0d3cbabe7469d382a721ea91b5c123
-
SHA512
fb1d9e0488eb247c54b86a0fbb7f1929d6ead0de3502d44e5db701aff3b3df0d7b312939e02bb89790006ea4337dc63b973ce5a2971e132a4188d003ddc95a3b
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile (2 hits)
-
XMRig Miner Payload
-
Blocklisted process makes network request
-
Creates new service(s)
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Possible privilege escalation attempt
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
-
Loads dropped DLL
-
Modifies file permissions
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
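Static triage helper for the "Downloads MZ/PE file", "XMRig Miner Payload" and "AutoIT Executable" findings above, added as an example; it is not part of the sandbox or this report. The MD5 and SHA256 are the ones listed in the report. The AutoIt marker strings, the miner string list, and the PE-shaped test blob are assumptions and constructed data, not bytes from the real sample.

```python
"""Static triage of a dropped file: hash match against the report IOCs,
MZ/PE check, compiled-AutoIt marker, and common miner strings.

Added example, not sandbox tooling. The hashes are from this report; the test
blob is constructed and is NOT the real sample.
"""
import hashlib

REPORT_SHA256 = "39b66a47affa0edde59d74760fc17de28c0d3cbabe7469d382a721ea91b5c123"
REPORT_MD5 = "c671c024595fbae1bcb523930b41952a"

# Compiled AutoIt v3 scripts carry an "AU3!EA06" marker (older builds
# "AU3!EA05") ahead of the embedded script; static AutoIt detectors key on it.
# Assumption: the file is not packed, so the marker is visible in the raw bytes.
AUTOIT_MARKERS = (b"AU3!EA06", b"AU3!EA05")

# Assumption: strings typical of an unmodified XMRig build.
MINER_STRINGS = (b"xmrig", b"stratum+tcp://", b"donate-level", b"cryptonight")


def file_hashes(data):
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(data):
    """True only if the bytes hash to the sample this report describes."""
    h = file_hashes(data)
    return h["sha256"] == REPORT_SHA256 and h["md5"] == REPORT_MD5


def is_pe(data):
    """Cheap MZ/PE check: DOS magic plus the PE signature at e_lfanew."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def autoit_marker_offset(data):
    """Offset of the first AutoIt marker found, or -1 if none."""
    for marker in AUTOIT_MARKERS:
        off = data.find(marker)
        if off != -1:
            return off
    return -1


def miner_strings(data):
    """Sorted list of miner-related strings present (case-insensitive)."""
    low = data.lower()
    return sorted(s.decode() for s in MINER_STRINGS if s in low)


def triage(data):
    return {
        "pe": is_pe(data),
        "matches_report": matches_report(data),
        "autoit_marker_offset": autoit_marker_offset(data),
        "miner_strings": miner_strings(data),
    }


def constructed_blob():
    """Constructed PE-shaped bytes with an AutoIt marker and one miner string."""
    hdr = bytearray(0x80)
    hdr[:2] = b"MZ"
    hdr[0x3C:0x40] = (0x40).to_bytes(4, "little")  # e_lfanew -> 0x40
    hdr[0x40:0x44] = b"PE\0\0"
    return (bytes(hdr) + b"\0" * 16 + b"AU3!EA06" + b"\0" * 8
            + b"stratum+tcp://pool.example:3333")


if __name__ == "__main__":
    print(triage(constructed_blob()))
```

Feed the real .bin to `triage()` to confirm you hold the file this report describes before comparing its behaviour; the marker and string checks are a first pass only, since a packer or a rebuilt miner removes both.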