General

  • Target

    b741326d7278ad9d3be13a80bcd3ead02ddb1a45c73d0c3f903d2ae0675643dd

  • Size

    3.9MB

  • Sample

    220521-m7s5wadbh9

  • MD5

    855c397b671d85fb2422b31924f8af9f

  • SHA1

    a2750adf76a245c6f822dc9723e9660b833ca8d4

  • SHA256

    b741326d7278ad9d3be13a80bcd3ead02ddb1a45c73d0c3f903d2ae0675643dd

  • SHA512

    921183d5d9584b256150990fad2d5db8e37065fd1ed03ff7f9d0fd4324ae09da7000037f00e18cd9147b17ae38d2f1f4178d970740598561364b4e61605b3d09

Score
10/10
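A practitioner working from this report usually wants to confirm that the file in hand really is the sample described above before reasoning about its behaviour. The following is an added example, not part of the original report: it computes the same four digests (MD5, SHA1, SHA256, SHA512) over a file or byte string and compares them against the values listed in the General section. Only the hash values come from the page; the function names, the normalisation rules and the all-or-nothing match policy are this example's own choices.

```python
import hashlib
import sys

# Digests as listed in the General section of the report above.
REPORT_IOCS = {
    "md5": "855c397b671d85fb2422b31924f8af9f",
    "sha1": "a2750adf76a245c6f822dc9723e9660b833ca8d4",
    "sha256": "b741326d7278ad9d3be13a80bcd3ead02ddb1a45c73d0c3f903d2ae0675643dd",
    "sha512": "921183d5d9584b256150990fad2d5db8e37065fd1ed03ff7f9d0fd4324ae09da"
              "7000037f00e18cd9147b17ae38d2f1f4178d970740598561364b4e61605b3d09",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data):
    """Compute all four digests over an in-memory sample (lowercase hex)."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def hash_file(path, chunk_size=1 << 20):
    """Stream a file through all four hash objects in a single read pass,
    so a multi-megabyte sample is never loaded into memory whole."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_iocs(observed, expected):
    """Return {algo: (observed_hex, expected_hex, matched)} for every algorithm
    listed in `expected`. Expected values are normalised (whitespace stripped,
    lowercased) so an IOC copied from a report with uppercase hex still
    compares; an algorithm that was never computed is reported as a mismatch
    (observed None) rather than silently skipped."""
    result = {}
    for name, want in expected.items():
        want = want.strip().lower()
        got = observed.get(name)
        result[name] = (got, want, got == want)
    return result


def is_known_sample(observed, expected):
    """True only if every listed digest matches. Agreement on MD5 or SHA1 alone
    is deliberately not enough, since collisions for those are practical."""
    return all(matched for _, _, matched in compare_iocs(observed, expected).values())


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-sample>
    digests = hash_file(sys.argv[1])
    for name, (got, want, ok) in compare_iocs(digests, REPORT_IOCS).items():
        print(f"{name:7s} {'OK ' if ok else 'BAD'} {got}")
    sys.exit(0 if is_known_sample(digests, REPORT_IOCS) else 1)
```

Exit status 1 on any mismatch makes the script usable as a gate in a triage pipeline: a file that matches on MD5 but not on SHA256 is rejected, not accepted as "probably the same sample".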

Malware Config

Targets

    • Target

      b741326d7278ad9d3be13a80bcd3ead02ddb1a45c73d0c3f903d2ae0675643dd

    Score
    10/10
    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • AutoIT Executable

      AutoIt script compiled to a PE executable.

    • Suspicious use of SetThreadContext

      SetThreadContext on another thread is a common step in process hollowing and thread-hijacking injection.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                Technique                      Matches  ID
  Execution             Scheduled Task                 1        T1053
  Persistence           Scheduled Task                 1        T1053
  Privilege Escalation  Scheduled Task                 1        T1053
  Discovery             Query Registry                 1        T1012
  Discovery             System Information Discovery   2        T1082
