hxxps://oxy[.]name/d/Jmxf | Triage

Submit
Reports

Overview

overview

Static

static

URLScan

urlscan

1

https://oxy.name/d/J...

windows10-2004_x64

Sharing

General

Target

https://oxy.name/d/Jmxf
Sample

220519-yskqqsbdg8

Score

10^/10

evasion miner trojan vmprotect

Static task

static1

URLScan task

urlscan1

Behavioral task

behavioral1

Sample

https://oxy.name/d/Jmxf

Resource

win10v2004-20220414-en

evasion miner trojan vmprotect

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  https://oxy.name/d/Jmxf
Score

10^/10

evasion miner trojan vmprotect
- Windows security bypass
  evasion trojan
- Detected Stratum cryptominer command
  Looks to be attempting to contact Stratum mining pool.
  miner
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

urlscan1

behavioral1

evasionminertrojanvmprotect

© 2018-2024

Terms | Privacy