Overview

overview

10

Static

static

10

81b138ea59...c5.exe

windows7_x64

10

81b138ea59...c5.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    81b138ea59a1da4e898a9dc2fc03fb379c718bcbbc01f4df582cee167ac9f3c5

  • Size

    2.3MB

  • Sample

    220516-n4p5gsaea5

  • MD5

    0a3b51f8e597b68101a4c89ce160d38f

  • SHA1

    97f1311da07de953f130b760ffb7553ca4a351ce

  • SHA256

    81b138ea59a1da4e898a9dc2fc03fb379c718bcbbc01f4df582cee167ac9f3c5

  • SHA512

    eb540f0966eee7aab9599af2dc98045812b3f9066142fe8e306fa50fe56b1c6c92d73d442befe0d40931be51ab169c0705242aeb029fad55700d2ef41534614f

Score
10/10
xmrigminerupx

Malware Config

Targets

    • Target

      81b138ea59a1da4e898a9dc2fc03fb379c718bcbbc01f4df582cee167ac9f3c5

    • Size

      2.3MB

    • MD5

      0a3b51f8e597b68101a4c89ce160d38f

    • SHA1

      97f1311da07de953f130b760ffb7553ca4a351ce

    • SHA256

      81b138ea59a1da4e898a9dc2fc03fb379c718bcbbc01f4df582cee167ac9f3c5

    • SHA512

      eb540f0966eee7aab9599af2dc98045812b3f9066142fe8e306fa50fe56b1c6c92d73d442befe0d40931be51ab169c0705242aeb029fad55700d2ef41534614f

    Score
    10/10
    xmrigminerupx

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks