4c197614f55315eb5832d46451e00b0157bffa76b6e1b2180104d2552448de8d | Triage

Submit
Reports

Overview

overview

9

Static

static

tmp.exe

windows7_x64

9

tmp.exe

windows10-2004_x64

9

Sharing

General

Target

tmp
Size

12.0MB
Sample

220517-qsj57sfbcq
MD5

df6954981e91e7edac214fbacc452a96
SHA1

e826c4fd82563792315895b1fac558cbc75669d3
SHA256

4c197614f55315eb5832d46451e00b0157bffa76b6e1b2180104d2552448de8d
SHA512

c5168e2e77a93c37f29e0263672f24dc818a1d9f1d2b19064585ee30f2db489122b60c7bced2964b6b45358b68672f8589dc1cb9522e0d138c98ede787c48b89

Score

9^/10

bootkit miner persistence vmprotect

Static task

static1

Behavioral task

behavioral1

Sample

tmp.exe

Resource

win7-20220414-en

bootkit miner persistence vmprotect

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

tmp.exe

Resource

win10v2004-20220414-en

bootkit miner persistence vmprotect

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  tmp
- Size
  
  12.0MB
- MD5
  
  df6954981e91e7edac214fbacc452a96
- SHA1
  
  e826c4fd82563792315895b1fac558cbc75669d3
- SHA256
  
  4c197614f55315eb5832d46451e00b0157bffa76b6e1b2180104d2552448de8d
- SHA512
  
  c5168e2e77a93c37f29e0263672f24dc818a1d9f1d2b19064585ee30f2db489122b60c7bced2964b6b45358b68672f8589dc1cb9522e0d138c98ede787c48b89
Score

9^/10

bootkit miner persistence vmprotect
- Detected Stratum cryptominer command
  Looks to be attempting to contact Stratum mining pool.
  miner
- Executes dropped EXE
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitminerpersistencevmprotect

behavioral2

bootkitminerpersistencevmprotect

© 2018-2024

Terms | Privacy