General

  • Target

    mofcomp.exe

  • Size

    151KB

  • Sample

    221010-h2nkzsahg6

  • MD5

    7750f5921594ace05c7a8d05e8d2cd27

  • SHA1

    4fe955656fef76afca9604b016113b993abe7649

  • SHA256

    a862ea441bd7820c5fd7faf9a43a4c455c38401f486e3b0dfabc84dd53193df9

  • SHA512

    3e90458f37c83f1dadddb71b722c08260872246488bc3df32d08a02753cb57a25a0162610847691141c439f1c65ab5444ff9453d365cd31d762cd841a0cd8fb7

  • SSDEEP

    3072:2s2D9KzcbBdr/IbIIpRAk5Krcw80bM7gq5c0fwls1V5Am:22obz6L0cl0bqcYZ5A

Score
10/10

Malware Config

Targets

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic                Technique                     Count  ID
Execution             Scheduled Task                1      T1053
Persistence           Scheduled Task                1      T1053
Privilege Escalation  Scheduled Task                1      T1053
Defense Evasion       Install Root Certificate      1      T1130
Defense Evasion       Modify Registry               1      T1112
Discovery             Query Registry                1      T1012
Discovery             System Information Discovery  2      T1082
Command and Control   Web Service                   1      T1102

Tasks