General
- Target: file.exe
- Size: 1.3MB
- Sample: 221123-vn422ahe77
- MD5: 63a5a9ecfd59f81c8c2744f54809c7f8
- SHA1: fc9fa3765ac64a6c8a8607f3447d47151acbe7c4
- SHA256: a07d160c21ffe45dfdcc0e0b1a485293063b9b1751f635b989fa41075019290a
- SHA512: 9356cfc34a4cf8736cbc6962be63527376590f96e04c91154071e5617e0876bb9aa04b0e7c5dde1d12e3b88d36b6150bfeaf8a2f09e0507e089b90ceb68b1071
- SSDEEP: 24576:WdcgTewpeuCLZQ5wrS7j5G1bDD6egAmkI:WdcgT1pehZQYYKTX
Static task: static1
Behavioral task: behavioral1
- Sample: file.exe
- Resource: win7-20221111-en
Malware Config
Targets
- Target: file.exe
- Size: 1.3MB
- MD5: 63a5a9ecfd59f81c8c2744f54809c7f8
- SHA1: fc9fa3765ac64a6c8a8607f3447d47151acbe7c4
- SHA256: a07d160c21ffe45dfdcc0e0b1a485293063b9b1751f635b989fa41075019290a
- SHA512: 9356cfc34a4cf8736cbc6962be63527376590f96e04c91154071e5617e0876bb9aa04b0e7c5dde1d12e3b88d36b6150bfeaf8a2f09e0507e089b90ceb68b1071
- SSDEEP: 24576:WdcgTewpeuCLZQ5wrS7j5G1bDD6egAmkI:WdcgT1pehZQYYKTX
- XMRig Miner payload
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext