General

  • Target

    Minecraft alt Gen V2.rar

  • Size

    37.9MB

  • Sample

    220822-jja3lsffc5

  • MD5

    da3f271237846b23d901e9c8272779c3

  • SHA1

    ea5ac7bd3241d41a4004d754cc71c7036e4f9530

  • SHA256

    57e8cb376230802d28388425591c80e8ae67ecebdae17eee60e22098d85319c9

  • SHA512

    2bb36e60b42a6fc6942c49e0bdc0d316234ffacce1d3f228df7a4c23fba92545262319b7efcc497c318a10759d89ca233cc374511bf96c697a253ebdb501759e

  • SSDEEP

    786432:PbJBbRds64nslE0Np5OUTNNsa4A7ViMqcbGWNPxUoYlZ6/:Vdb4s3Np5tTN+vAJiMqcCWNPx+lO

Malware Config

Targets

    • Target

      Minecraft alt Gen V2/Compilers/MinGW64/bin/gcc.exe

    • Size

      789KB

    • MD5

      43acaac9b437bd941c793ca6d9e776f7

    • SHA1

      c7de884538ea84e50127331fde9642c4b99fa966

    • SHA256

      27d8ea1223c1cf411773a39e8ef406d1f1d5d8956a0351ba8c74cc6c87978258

    • SHA512

      6587acc6c03afdfb7ac5e48f01978832dac491f9cdd86d1bc68f997e85000056cbfe6c27462ec3713c4bfad139f7a4937a0258eed98cede48dddacc2f17cac2d

    • SSDEEP

      12288:TS1H1JPxbIyLdAKqchyKHxWSwbq7/8c841yZR1af23HPfANwe:TS1rxb/LfvyKHxWSsq7/8c8K0kNwe

    • Score

      1/10

    • Target

      Minecraft alt Gen V2/Compilers/MinGW64/bin/windres.exe

    • Size

      1.4MB

    • MD5

      656ea3e44dd98bdddfa28689f433222e

    • SHA1

      866428a060d29bdacbe3d46e6234f815ba276bf4

    • SHA256

      4757d9fc9e1342cfe0387ec0477fcf1996876a266a7eae7a820144c89e4a3a8b

    • SHA512

      fb2e478829fa6e5b99959cf6cebb937e1228a16fc13515e2267833d25096e47c8659daf154273bb84a9c717560f0a9be66de1b3bb4e41659e3c378f60df3e95d

    • SSDEEP

      24576:UQ8oQfiECFMec5rWbky8nVWuoX3FpFKzBQDabg1nN5VIjnd9wDsYVTm8WyC55oB:UQ7abt5tggd9AsKTm6C5M

    • Score

      1/10

    • Target

      Minecraft alt Gen V2/Compilers/MinGW64/libexec/gcc/x86_64-w64-mingw32/4.9.2/cc1.exe

    • Size

      12.5MB

    • MD5

      72d8fe1f322d4eadbe4b825d0fbba8e3

    • SHA1

      14111de0cf33c5608e2d800e96f0bdb8132b7105

    • SHA256

      6ce68e248fb64e366aaa6a5fe34fbf530299337de34f03d51dac6b59c86b9a0d

    • SHA512

      5f0e73be9ad6f5661b8a9a276966122c96453f73cf6f2dbbf10ac31eee8888c20217ac0b608f69e8302029352e620036804ee8733a5e5e62a104adad9245ffcb

    • SSDEEP

      196608:hRehstjis1CX02vdiyLHA/wT47rMR7v37nnds8hWRJsjoPP/HcSOYJfwskFueKy6:BNizBLT3rn8ozo5NZ

    • Score

      1/10

    • Target

      Minecraft alt Gen V2/Compilers/donut/donut.exe

    • Size

      203KB

    • MD5

      c818c5393fac46f31e3f1ef911c3cad6

    • SHA1

      af2253dc02312238e408e7b90ac20a01dc2f89af

    • SHA256

      cd3252f0595d422bd46b2a92f0ee545a20f28b68631cf90ef1da2187c815b758

    • SHA512

      ccd4d815af7e93f0b514560bb819ed6a76c37b3746cf58b51e4e5b0cc595c26efcfe858bf38e5246c606d95b3f064a11838047354ffa706903d827a863b5fcc2

    • SSDEEP

      3072:l5r0TvDU5dlIKzcrj/PGIiVYWkxHNUSSSAYKXFcsG63wAkJrrtoeUXIO:lVqonKKzqLNiaWKGSSSRQkFhoe

    • Score

      1/10

    • Target

      Minecraft alt Gen V2/Compilers/tinycc/tcc.exe

    • Size

      55KB

    • MD5

      c71d2e26c909569a2f268a3935d660d5

    • SHA1

      5123bd42fec83b867148e7a0d893afb5b5918b8c

    • SHA256

      dd4fa08b42620aeabb2c2db031041190508e17d0c14e405921ed62276f875a39

    • SHA512

      56b2caa9c2737255f6522ad55282693a85966b9c3b639e8591180caef5e68c33f917ec13e7f26420ad3a36f2fa11f930ec8b478718790ace5cea19b69ecd57c3

    • SSDEEP

      768:vh0KheXWVDJGo7+Ki8sFGnApvIR0HuK83igNG+vamqVviJkCQW:iKheXUJGk+KiZgARIyHuKOSbhTCQW

    • Score

      1/10

    • Target

      Minecraft alt Gen V2/Minecraft Alt Gen.exe

    • Size

      30.9MB

    • MD5

      a02a18c6363b7198ba520e74ebf3885e

    • SHA1

      92cd82ceb9f0c2eae1cd18f326275a7e296b247a

    • SHA256

      1c3dde5bf93ad81d4324a37c8c62a49f8aed70c0f5afff9002c8d8b6749f10d9

    • SHA512

      34238dc89065d5dcb8e51b48d387fe1e13a3d99d83570312f8bb7302210f0ab571db0c4a0b0a5b5455c50d7a5307549da24099b846ec53188946a34fa1bbb21c

    • SSDEEP

      786432:InslE0Np5OUTNNsa4A7ViMqcbGWNPxUoYlZ6:Is3Np5tTN+vAJiMqcCWNPx+l

    • Modifies security service

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • XMRig Miner payload

    • Executes dropped EXE

    • Possible privilege escalation attempt

    • Stops running service(s)

    • Modifies file permissions

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks