Overview

overview

10

Static

static

BUFF 12H.exe

windows7-x64

10

BUFF 12H.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    BUFF TEST VERS.rar

  • Size

    2.0MB

  • Sample

    220924-v1emxabfg5

  • MD5

    b0d5b51c5b5526e76f0771c350a821cd

  • SHA1

    326e402d16cceb90c3b9b86174904a1de7eacb73

  • SHA256

    f5a8f1abc7bd17df3d9ab0e2b1d43c8ab286b3277eef339918a406652f45470b

  • SHA512

    1c325bd9100ab2f138257d4f8297ce8cf40dd99abef28656339f28af3f0b0c05111412899d38f59ad250033a2b4af4ee6a37ab2fe4a6909f89eb9d2aaa58f2a0

  • SSDEEP

    49152:VLxMtQmIZELV7/mKGrsOtPpMEF9qwU17Tq4GU5IymfberG2ldo:ViimIs7/mKisF7+4nIfzoGAo

Score
10/10
xmrigminer

Malware Config

Targets

    • Target

      BUFF 12H.exe

    • Size

      2.0MB

    • MD5

      44e757e4e2e6aba07865e5c42028f8c2

    • SHA1

      6399afb3b981c9ce457b81326dd3f79ddef081f0

    • SHA256

      5533c744f6f07c674ddf759b37acb92e6cecea77bdc9f9658166520f6c47de6f

    • SHA512

      e3da98f211f87bf6369eeb5245aea5a69bfa16e868c787f86e70776b96787059bb1fb0f22082f8653a2a257e50bd4f7d4a75fb17ea010e8a89862fd999485fbd

    • SSDEEP

      49152:h4XjTHzNmGid9ZiYioAykudfgzTlQNoYP1LZI2m0PZk+aJL0jRBtD8j:hGTNKJi5eTNoYPxdm+k+aJL4RB18j

    Score
    10/10
    xmrigminer

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner payload

      miner

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks