General
-
Target
c32ff3c02f5ec47707631568f2f5435e3391820a7c238925a782e6e74656134e
-
Size
9.4MB
-
Sample
220520-g6rb1aghcm
-
MD5
c014edde246b35f3a7379cb4c5e1185e
-
SHA1
584ae3a33acdd163750007847543826a15d95df9
-
SHA256
c32ff3c02f5ec47707631568f2f5435e3391820a7c238925a782e6e74656134e
-
SHA512
522c4fa3645c30ed1e863b52cbf1f089a0c41075e52b5323c7079ab3ef80b850893d5be49f5c7a047f284c901ba56801a5d626e2a3d4e4c99f18d36e72f7e4be
Static task
static1
Behavioral task
behavioral1
Sample
c32ff3c02f5ec47707631568f2f5435e3391820a7c238925a782e6e74656134e.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
c32ff3c02f5ec47707631568f2f5435e3391820a7c238925a782e6e74656134e.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
Target
c32ff3c02f5ec47707631568f2f5435e3391820a7c238925a782e6e74656134e
Score
10/10
-
XMRig Miner Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-