General

  • Target

    54b803e59c04d3b88b1a6e8e2ff3ad65cddcaa164733b67319a897b974a926cf

  • Size

    1.1MB

  • Sample

    220520-dypawsaddk

  • MD5

    095cb62a0daf1fea377ab60917a24b67

  • SHA1

    5a3cd2b24201a7cf6a98d6f1a06aa984dfed0e8c

  • SHA256

    54b803e59c04d3b88b1a6e8e2ff3ad65cddcaa164733b67319a897b974a926cf

  • SHA512

    55194c0e738f3872ea1fb8a64881f6265ea9ec2bff2dbd722166283ac93a12fb85077aaf9b7ca075d69d58d2467460b1d7ab715f86796e8ec09df62980487d80

Malware Config

Targets


    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • XMRig Miner Payload

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Cryptocurrency Miner

      Makes network request to known mining pool URL.

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Persistence

  • Registry Run Keys / Startup Folder (T1060): 1

Defense Evasion

  • Modify Registry (T1112): 1