General

  • Target

    file.exe

  • Size

    1.4MB

  • Sample

    221124-atgtgafc63

  • MD5

    df86d605b3aa3dd86b70cfc103622143

  • SHA1

    d300bf3bd1abbf0e87a3c5c0a565e472a00b83e3

  • SHA256

    f108dd568dcb4f08c5986c31eaac74e41cb59bc69db87d17a1033016308beed5

  • SHA512

    695209126e7a814286375a257b8585dd0bcc097d3a2a895ab1ece2c7d3700bbc6c5d5a0679dec5094a7453ad1ee3fd7a0285cb5adbf874d6afeab121b6f3ae60

  • SSDEEP

    24576:Mf8GBTvwpet3j9gkEubdiHn/cVo8qBWkaQFX2l:Mf8GBTopeN9PwES8izFGl

Score
10/10

Malware Config

Targets

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • XMRig Miner payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  Tactic                 Technique                       Count   ID
  Execution              Scripting                       1       T1064
  Execution              Scheduled Task                  1       T1053
  Persistence            Scheduled Task                  1       T1053
  Privilege Escalation   Scheduled Task                  1       T1053
  Defense Evasion        Scripting                       1       T1064
  Discovery              Query Registry                  1       T1012
  Discovery              System Information Discovery    2       T1082

Tasks