General
Target: 020f7adf3af6a01c6ba76cad87819ff2f423eb95e28fb5d214e8a01429df9a92
Size: 8.5MB
Sample: 220523-t6jndaaddj
MD5: 6698911c5b06dd1396471dd8633456a8
SHA1: 2528e917014f2476534b4c9f584878d071384f92
SHA256: 020f7adf3af6a01c6ba76cad87819ff2f423eb95e28fb5d214e8a01429df9a92
SHA512: 6e796cb625f7084a5d363062533602aab1791cd6229866531f717c715897765727e90869301228ff865c7c8ebabab29617a86771ad54c9688fd9b4514f924dab
Static task: static1
Behavioral task: behavioral1
  Sample: 020f7adf3af6a01c6ba76cad87819ff2f423eb95e28fb5d214e8a01429df9a92.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 020f7adf3af6a01c6ba76cad87819ff2f423eb95e28fb5d214e8a01429df9a92.exe
  Resource: win10v2004-20220414-en
Malware Config
Targets
Target: 020f7adf3af6a01c6ba76cad87819ff2f423eb95e28fb5d214e8a01429df9a92 (size and hashes as listed under General)
Score: 10/10
- Modifies WinLogon for persistence
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Creates a large amount of network flows: this may indicate a network scan to discover remotely running services.