Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

a4b172b6d8cea90214cccec4a531c881b5bad6b641370e838a09422a183f7301
Size

7MB
Sample

220516-a7sg5ahac7
MD5

95104aa61ed30687c13e5c644d5722f3
SHA1

f9788f808044d448f73203d93da0021cefb781ff
SHA256

a4b172b6d8cea90214cccec4a531c881b5bad6b641370e838a09422a183f7301
SHA512

99dcd2463ad6c56eaeedbdd96c8ff0564aadb27b14f0ce047397e8791f1d886d07d104d76908e2ed7e3918c35ca52e643c1d02ed8bde16c76d18dc40b9b66bce

Score

10^/10

xmrig discovery evasion exploit miner

Malware Config

Targets

- Target
  
  a4b172b6d8cea90214cccec4a531c881b5bad6b641370e838a09422a183f7301
- Size
  
  7MB
- MD5
  
  95104aa61ed30687c13e5c644d5722f3
- SHA1
  
  f9788f808044d448f73203d93da0021cefb781ff
- SHA256
  
  a4b172b6d8cea90214cccec4a531c881b5bad6b641370e838a09422a183f7301
- SHA512
  
  99dcd2463ad6c56eaeedbdd96c8ff0564aadb27b14f0ce047397e8791f1d886d07d104d76908e2ed7e3918c35ca52e643c1d02ed8bde16c76d18dc40b9b66bce
Score

10^/10

discovery evasion exploit xmrig miner
- Modifies security service
  evasion
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner Payload
  miner
- Executes dropped EXE
- Possible privilege escalation attempt
  exploit
- Stops running service(s)
  evasion
- Modifies file permissions
  discovery
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

T1112

File Permissions Modification

T1222

Discovery

Execution

Exfiltration

Impact

Service Stop

T1489

Initial Access

Lateral Movement

Persistence

Modify Existing Service

T1031

Scheduled Task

T1053

Privilege Escalation

Tasks

static1

behavioral1

discoveryevasionexploit

behavioral2

xmrigdiscoveryevasionexploitminer