General
-
Target
aa.exe
-
Size
28.1MB
-
Sample
220519-b4l2lsbcdk
-
MD5
f9b2e96e5044fdaa7d923d516f6206e8
-
SHA1
936f9c88a574fede2fd37e54189e4b69c1215163
-
SHA256
b8a09b445da4d1904cd5b184ffbf3e994ab137360131f89af3c08e3e9756c63a
-
SHA512
c4e622c9e88c5cef755abbc08db1368bc4656e80a349e5920566c003d7f800d0a4cf1f3164d18a87f42d5269f39089f2a2d0894f622fbede0930b66a827c77a1
Behavioral task
behavioral1
Sample
aa.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
aa.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
-
Target
aa.exe
-
Size
28.1MB
-
MD5
f9b2e96e5044fdaa7d923d516f6206e8
-
SHA1
936f9c88a574fede2fd37e54189e4b69c1215163
-
SHA256
b8a09b445da4d1904cd5b184ffbf3e994ab137360131f89af3c08e3e9756c63a
-
SHA512
c4e622c9e88c5cef755abbc08db1368bc4656e80a349e5920566c003d7f800d0a4cf1f3164d18a87f42d5269f39089f2a2d0894f622fbede0930b66a827c77a1
Score10/10-
Modifies WinLogon for persistence
-
XMRig Miner Payload
-
Creates new service(s)
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-