Overview

overview

10

Static

static

10

067aeb2967...aa.exe

windows7_x64

10

067aeb2967...aa.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    067aeb2967ebfa07249750507c53f086c1e0e261216773466272c230a3f148aa

  • Size

    1.8MB

  • Sample

    220516-pwzjmabha3

  • MD5

    05a1194053bd7ea213ac41273ea0372d

  • SHA1

    72b33f00226ce3503f4670d61f9511d084509aa3

  • SHA256

    067aeb2967ebfa07249750507c53f086c1e0e261216773466272c230a3f148aa

  • SHA512

    daefd259d42ff19ef0881e5324b8196308cebe82d266d0856d235449b4da1ef6b43aa896b657b8e43f15b0f6d424344ee0eaf91523d55676abd87f087452428d

Score
10/10
xmrigminerupx

Malware Config

Targets

    • Target

      067aeb2967ebfa07249750507c53f086c1e0e261216773466272c230a3f148aa

    • Size

      1.8MB

    • MD5

      05a1194053bd7ea213ac41273ea0372d

    • SHA1

      72b33f00226ce3503f4670d61f9511d084509aa3

    • SHA256

      067aeb2967ebfa07249750507c53f086c1e0e261216773466272c230a3f148aa

    • SHA512

      daefd259d42ff19ef0881e5324b8196308cebe82d266d0856d235449b4da1ef6b43aa896b657b8e43f15b0f6d424344ee0eaf91523d55676abd87f087452428d

    Score
    10/10
    xmrigminerupx

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks