Overview

overview

9

Static

static

a6afd67668...3d.exe

windows7_x64

9

a6afd67668...3d.exe

windows10-2004_x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a6afd676687acf2d56ec65844e8543dd528b310e2b977c394824a2ca96b23e3d

  • Size

    5.5MB

  • Sample

    220520-d1hwwsfff9

  • MD5

    59d3d2406da9ec9591a7f5064375603c

  • SHA1

    a43f3d2ebfdf2700edec93c1aa3e8d7e529a0294

  • SHA256

    a6afd676687acf2d56ec65844e8543dd528b310e2b977c394824a2ca96b23e3d

  • SHA512

    233c715a750e159deb27c1e0d57856d47f8e7ab118933749bf8167abe3f3611fc094bf53584e708e5b34b224435f71ffcf3c85b85f7a00aeb917968b4e5dfad5

Score
9/10
minerpersistence

Malware Config

Targets

    • Target

      a6afd676687acf2d56ec65844e8543dd528b310e2b977c394824a2ca96b23e3d

    • Size

      5.5MB

    • MD5

      59d3d2406da9ec9591a7f5064375603c

    • SHA1

      a43f3d2ebfdf2700edec93c1aa3e8d7e529a0294

    • SHA256

      a6afd676687acf2d56ec65844e8543dd528b310e2b977c394824a2ca96b23e3d

    • SHA512

      233c715a750e159deb27c1e0d57856d47f8e7ab118933749bf8167abe3f3611fc094bf53584e708e5b34b224435f71ffcf3c85b85f7a00aeb917968b4e5dfad5

    Score
    9/10
    minerpersistence

    • Detected Stratum cryptominer command

      Looks to be attempting to contact Stratum mining pool.

      miner

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks