Overview

overview

10

Static

static

8

SecuriteIn...18.exe

windows7_x64

8

SecuriteIn...18.exe

windows10-2004_x64

10

Resubmissions

20-05-2022 09:17

220520-k9cjsshfd2 8

20-05-2022 08:00

220520-jvzv4sbhgn 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.Trojan.DownLoader44.59135.30418.14825

  • Size

    4.8MB

  • Sample

    220520-jvzv4sbhgn

  • MD5

    b4aa27a1339c69d99121a4fe4fac94f7

  • SHA1

    72cd9ebfd59e9c5a45c22dd5f6aa8d4cb9ba9d26

  • SHA256

    a738f6016086abdd2824b797ec67feee3bc39d52b0b0ae94bd1384c58ed3d5d6

  • SHA512

    3550565464695370bdc761327eea1502e523a8b5f5780c6d7942e2be480d40a262897009c6e459110ac0b146ad05f69f9c7d099ad88eaca39975907f95d3e184

Score
10/10
xmrigminerupx

Malware Config

Targets

    • Target

      SecuriteInfo.com.Trojan.DownLoader44.59135.30418.14825

    • Size

      4.8MB

    • MD5

      b4aa27a1339c69d99121a4fe4fac94f7

    • SHA1

      72cd9ebfd59e9c5a45c22dd5f6aa8d4cb9ba9d26

    • SHA256

      a738f6016086abdd2824b797ec67feee3bc39d52b0b0ae94bd1384c58ed3d5d6

    • SHA512

      3550565464695370bdc761327eea1502e523a8b5f5780c6d7942e2be480d40a262897009c6e459110ac0b146ad05f69f9c7d099ad88eaca39975907f95d3e184

    Score
    10/10
    upxxmrigminer

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner Payload

      miner

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks