General
- Target: file.exe
- Size: 1.4MB
- Sample: 221123-mntx3ahg7y
- MD5: fd9a773f17376e3485292aa261e379ac
- SHA1: c0e2bb23e43e2cff1ca052477b7e3f89458b9d50
- SHA256: 6ef9c0a33ef168ea07c55966deba59b977e7bf9fcefcda5944c66ea3f46453a7
- SHA512: 148da5fcd9c9d194466c3d1489cc71987d57905d6d1635a435e2ddcbf1cf851bdd02c0684a06cec46d44308044bf304ba0f6c789fd82d4cb9c4fff0b1ee91630
- SSDEEP: 24576:GiCj1Tnwpevq7BZlrkY/wP91wSRXZZAvnn3huG:GR1Twpevq7HJkY4nwSRXIPn7
Static task: static1
Behavioral task: behavioral1
- Sample: file.exe
- Resource: win7-20220901-en
Malware Config
Targets
- Target: file.exe
Signatures
- XMRig Miner payload
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext