Overview

overview

9

Static

static

f78393df5e...65.exe

windows7_x64

9

f78393df5e...65.exe

windows10-2004_x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f78393df5e1e6a6e8d9ab84d4c4f376235398180bce127e9a2170e926d7f8d65

  • Size

    2MB

  • Sample

    220521-a397dabcb8

  • MD5

    9271ea4c15a9702c08647eac23c932d8

  • SHA1

    7699f28181372cd1db025020f033a49664dd9bbe

  • SHA256

    f78393df5e1e6a6e8d9ab84d4c4f376235398180bce127e9a2170e926d7f8d65

  • SHA512

    2034004e2244d612736f309e620e58dbd923137e3d7e23fd1779fe367201dab022fd74e28695d5d6a469f1d8a3ec9625b7c5545deddd2601489aa9b96afb4875

Score
9/10
minerpersistence

Malware Config

Targets

    • Target

      f78393df5e1e6a6e8d9ab84d4c4f376235398180bce127e9a2170e926d7f8d65

    • Size

      2MB

    • MD5

      9271ea4c15a9702c08647eac23c932d8

    • SHA1

      7699f28181372cd1db025020f033a49664dd9bbe

    • SHA256

      f78393df5e1e6a6e8d9ab84d4c4f376235398180bce127e9a2170e926d7f8d65

    • SHA512

      2034004e2244d612736f309e620e58dbd923137e3d7e23fd1779fe367201dab022fd74e28695d5d6a469f1d8a3ec9625b7c5545deddd2601489aa9b96afb4875

    Score
    9/10
    minerpersistence

    • Detected Stratum cryptominer command

      Looks to be attempting to contact Stratum mining pool.

      miner

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

1
T1112

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Tasks