Overview

overview

10

Static

static

AWC.dll

windows7_x64

1

AWC.dll

windows10-2004_x64

3

Injector.exe

windows7_x64

10

Injector.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1afe5910f896d63391e1ed774700fe71557255a548d14a3e3c4f2d902eff1f7f

  • Size

    10.0MB

  • Sample

    220520-g6vdnaghcp

  • MD5

    8ad9b14ff4e87327688b2ce3e0693367

  • SHA1

    6c18d0f48236c9dd9e5dde6eda8dfba9f1d20c2b

  • SHA256

    1afe5910f896d63391e1ed774700fe71557255a548d14a3e3c4f2d902eff1f7f

  • SHA512

    b0112c8a30a51d1ae912195a83cd2e6e3357196cf1d413b28f574ab22b74a5ae2de89354d28cf6f2ad19345e5a4f2d00ea6bf5f665204e6ba70f6328607ab3f1

Score
10/10
xmrigminerpersistenceupx

Malware Config

Targets

    • Target

      AWC.dll

    • Size

      2.8MB

    • MD5

      e44955de07b7852360962ab04b9cf256

    • SHA1

      c9d97f414c9ce0db34a84d6b84b331397de853ff

    • SHA256

      287b654b6c588d3d2595307f0e5f48897742c798f1ce232f40e774e8f2242181

    • SHA512

      ebdfb07ed7bdaf38fe21448ed1ca9b8e2fd7bc1de3879842926f45fb582bb2dd4c92454665930baade1d075918978ed36233d13e84898ecb1050c5405ecd4446

    Score
    3/10
    behavioral1behavioral2

    • Target

      Injector.exe

    • Size

      9.4MB

    • MD5

      c014edde246b35f3a7379cb4c5e1185e

    • SHA1

      584ae3a33acdd163750007847543826a15d95df9

    • SHA256

      c32ff3c02f5ec47707631568f2f5435e3391820a7c238925a782e6e74656134e

    • SHA512

      522c4fa3645c30ed1e863b52cbf1f089a0c41075e52b5323c7079ab3ef80b850893d5be49f5c7a047f284c901ba56801a5d626e2a3d4e4c99f18d36e72f7e4be

    Score
    10/10
    xmrigminerpersistenceupx

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner Payload

      miner

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks