a4b172b6d8cea90214cccec4a531c881b5bad6b641370e838a09422a183f7301

General
Target

a4b172b6d8cea90214cccec4a531c881b5bad6b641370e838a09422a183f7301

Size

7MB

Sample

220516-a7sg5ahac7

Score
10 /10
MD5

95104aa61ed30687c13e5c644d5722f3

SHA1

f9788f808044d448f73203d93da0021cefb781ff

SHA256

a4b172b6d8cea90214cccec4a531c881b5bad6b641370e838a09422a183f7301

SHA512

99dcd2463ad6c56eaeedbdd96c8ff0564aadb27b14f0ce047397e8791f1d886d07d104d76908e2ed7e3918c35ca52e643c1d02ed8bde16c76d18dc40b9b66bce

Malware Config
Targets
Target

a4b172b6d8cea90214cccec4a531c881b5bad6b641370e838a09422a183f7301

MD5

95104aa61ed30687c13e5c644d5722f3

Filesize

7MB

Score
10/10
SHA1

f9788f808044d448f73203d93da0021cefb781ff

SHA256

a4b172b6d8cea90214cccec4a531c881b5bad6b641370e838a09422a183f7301

SHA512

99dcd2463ad6c56eaeedbdd96c8ff0564aadb27b14f0ce047397e8791f1d886d07d104d76908e2ed7e3918c35ca52e643c1d02ed8bde16c76d18dc40b9b66bce

Tags

Signatures

  • Modifies security service

    Tags

    TTPs

    Modify Registry, Modify Existing Service
  • xmrig

    Description

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    Tags

  • XMRig Miner Payload

    Tags

  • Executes dropped EXE

  • Possible privilege escalation attempt

    Tags

  • Stops running service(s)

    Tags

    TTPs

    Modify Existing Service, Service Stop
  • Modifies file permissions

    Tags

    TTPs

    File Permissions Modification
  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Discovery
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Privilege Escalation

Tasks

  • static1
  • behavioral1

Score

10/10