General

  • Target

    0c78984cd2afe869307aca9d8dc9d257f650616b12fa45a2a79a83821f1e7b37

  • Size

    833KB

  • Sample

    220930-y62amsffer

  • MD5

    e94daf09612a7fa6491ff9ff47cd8cae

  • SHA1

    fa0abf6e1bfa33f2f180b2fad4928cbadeb7f014

  • SHA256

    0c78984cd2afe869307aca9d8dc9d257f650616b12fa45a2a79a83821f1e7b37

  • SHA512

    4a2279b7c1c5eed840d8056b585962dea818cd4e5454f42a0caf9b1c56ba06a892acce77dbc6b0598e46f83e6ecb376d2ea42d7b5b15877536bfa31c340dc73a

  • SSDEEP

    6144:o2j7MpEXhM4uccEV0SvafIxRT3ChsYwSZpji1X+i22Usn3tezndwI/VLuwUUblRB:X5ucdV0LoSf2+VI3EhHPZR7F

Score
10/10

Malware Config

Targets

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • XMRig Miner payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Execution

    • Scripting (T1064): 1

    • Scheduled Task (T1053): 1

Persistence

    • Scheduled Task (T1053): 1

Privilege Escalation

    • Scheduled Task (T1053): 1

Defense Evasion

    • Scripting (T1064): 1

Discovery

    • Query Registry (T1012): 1

    • System Information Discovery (T1082): 2

Tasks