General
- Target: mm.exe
- Size: 7.0MB
- Sample: 221008-3fxa8agagp
- MD5: 78d0b33d1fa1076547aee9348ac7b4bc
- SHA1: d0555b13ff01e5c8f29b2c1151cb7aee8c50d502
- SHA256: d5b84b2960a827f7096769957650be93252b2285e2387988c1d2884044089a32
- SHA512: 8cf5b0c6d8374b72a8a46381b2366edf4c285abcaf98c96246adc0c184839a5a07b5e8507be0cdf890bc9354d0e4dd37ce60413a029734e0b7dc992d500aaa29
- SSDEEP: 196608:hwR9ij8JXcspYttacZm+gUBxLo1lLalxWS:6R9ij+cspYtt3VxE1lGlxt
Behavioral task
- behavioral1
  - Sample: mm.exe
  - Resource: win7-20220901-en
Malware Config
Targets
- Modifies security service
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- XMRig Miner payload
- Drops file in Drivers directory
- Executes dropped EXE
- Stops running service(s)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext