General
-
Target
madk.exe
-
Size
3.4MB
-
Sample
220926-318jzsdcgn
-
MD5
d00af5991807952929e5b986afd295c9
-
SHA1
7f5cc8203f2e22bea24bf7f7b2995dc2ef3571ee
-
SHA256
025e8edef965f9376d6a0387c3f2952c19e727629920aeea544d963ee89b1594
-
SHA512
c032eec4bbb1a34113ea86606ae3b1c5d94a7f6f7d52d3347341312d4bf3af2dfa730d549b612a37353a21274eae8f10960ad105fc52c4955c33cccf5f0c1cd6
-
SSDEEP
98304:jKqtESnFRAW/YS7gCPJDEYFu6GyPuzBPrQ:FnFRV/Bt1E8u6yNQ
Behavioral task
behavioral1
Sample
madk.exe
Resource
win10-20220812-en
Behavioral task
behavioral2
Sample
madk.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
madk.exe
-
Size
3.4MB
-
MD5
d00af5991807952929e5b986afd295c9
-
SHA1
7f5cc8203f2e22bea24bf7f7b2995dc2ef3571ee
-
SHA256
025e8edef965f9376d6a0387c3f2952c19e727629920aeea544d963ee89b1594
-
SHA512
c032eec4bbb1a34113ea86606ae3b1c5d94a7f6f7d52d3347341312d4bf3af2dfa730d549b612a37353a21274eae8f10960ad105fc52c4955c33cccf5f0c1cd6
-
SSDEEP
98304:jKqtESnFRAW/YS7gCPJDEYFu6GyPuzBPrQ:FnFRV/Bt1E8u6yNQ
-
Clears Windows event logs
-
XMRig Miner payload
-
Executes dropped EXE
-
Sets file execution options in registry
-
Stops running service(s)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Modifies file permissions
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Matrix ATT&CK v6
Persistence
Registry Run Keys / Startup Folder
1Hidden Files and Directories
2Modify Existing Service
1Defense Evasion
Indicator Removal on Host
1Modify Registry
2Hidden Files and Directories
2Impair Defenses
1File Permissions Modification
1