General
-
Target
file.exe
-
Size
1.3MB
-
Sample
221123-rxz8nahg58
-
MD5
8851bd99bb8728fa34a8a7afce73b36e
-
SHA1
d9a7790e4f41673f6a484180c717c778b258308e
-
SHA256
66d3e2e7a164f88efb1aecc3c81dbf1d29590a0e852f7dcebda595467027ab3d
-
SHA512
ff8b2a5ce027aef8f046c22fb77d4448d3f6fc4c0a117e9cb1b08b16d9e993a3c74846428974cc56f754b73d41b9a15863b9e5bc7c776b7a859d073d7e145f6f
-
SSDEEP
24576:n8E0T8wpeIq79Bu+pj+SRLQdqJptmfXCFIif/:nZ0TbpeIq7HumRLQkJpoKFIif
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20221111-en
Malware Config
Targets
-
-
Target
file.exe
-
Size
1.3MB
-
MD5
8851bd99bb8728fa34a8a7afce73b36e
-
SHA1
d9a7790e4f41673f6a484180c717c778b258308e
-
SHA256
66d3e2e7a164f88efb1aecc3c81dbf1d29590a0e852f7dcebda595467027ab3d
-
SHA512
ff8b2a5ce027aef8f046c22fb77d4448d3f6fc4c0a117e9cb1b08b16d9e993a3c74846428974cc56f754b73d41b9a15863b9e5bc7c776b7a859d073d7e145f6f
-
SSDEEP
24576:n8E0T8wpeIq79Bu+pj+SRLQdqJptmfXCFIif/:nZ0TbpeIq7HumRLQkJpoKFIif
-
XMRig Miner payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-