General

  • Target

    Duino-Coin_3.33_windows.zip

  • Size

    34.9MB

  • Sample

    221124-nnnlqaba67

  • MD5

    d1e294321156ef3a47c88635a7c8bc63

  • SHA1

    61898ac489f149d5b10ef39b409ec0db80f69a7c

  • SHA256

    9285a79f98246a8ec552e36a62b17ddcf6b4c6b22360e22b65fedb00a7e47e80

  • SHA512

    62231b6d16df1949b70634b39158034c9fada6dabb32f3e0c55a87acd3a0064688ea6db26080ce374f77790e4480d699f590dd34426a461060deddedf0c777fc

  • SSDEEP

    786432:/235+8XzkWNNYyQdkR/Hj/dqKiGgTc2PCkEZqe2aYPLGPKnT/loTH:/2p+8XzkWNNNPhHljgTc2abZqe2aCLap

Targets

    • Target

      AVR_Miner.exe

    • Size

      9.8MB

    • MD5

      46ab2c1cf9c5f0c42bcfe5016ebeaf31

    • SHA1

      1c970f9cb0d3962838a9e19230bfef627bae40a5

    • SHA256

      1566eccb2fdd23a6b68ec0403bcb9a8ac3ae601ab07a834ecec6df089a8f00f3

    • SHA512

      b2356ba76f66b2a792294791d2c42b2c7ea181fcb4e70eb800d0da1dc8913c5bd0f372e7c773be8d297bb825411da7b3ab84ea1dd69c7fe783503c7e5d427b8a

    • SSDEEP

      196608:NJxPDPIEICteEroXxzaxG6NIyzlu8pgsEqJZIX334pO/M8XDCL6L1:zxPrIEInEroXhakuIyzlu8pfEqJE33IW

    • Score

      7/10

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Target

      Arduino_Code/Arduino_Code.ino

    • Size

      4KB

    • MD5

      283de3c329235f87e31917ab96b22e5f

    • SHA1

      cdfe05e5f9d2edcb90eecf7a6df30e2dc12ddb23

    • SHA256

      f151cb5ad028ae99c535fa732ade84b9fa320af09eacb1c221828e47fe1df265

    • SHA512

      1d758fca8779dd62484c1683ac50a5636dab9c9519d89c0a42e3b005509c36527ecd2df9a2cea70e1107210a169a73034d4a7d77db74b66bea955d7271a42ab6

    • SSDEEP

      96:31u0Uo1uzSlRBO7KlzJyDcHCv06Pfa3jO:31uOHoDcuf

    • Score

      1/10

    • Target

      CLI_Wallet.exe

    • Size

      9.4MB

    • MD5

      ce783a16312c5c769286726501063868

    • SHA1

      78aa3e04124a2ae448ef5c241afe964486669f94

    • SHA256

      063703e3e2cdddfb9aa889d79c28323f945bcc5178130e0cd8b00139ae734c5d

    • SHA512

      6c6d5fe3d9d543b53c41619902cfbe078974422868521992eb79e2aa9a7adfc0e0df5659f8be24ac3e3083ad862446aa2df5856caadfa674433701adbd731029

    • SSDEEP

      196608:zoFpV7zj9AKm6gUU8gBk6cmvdsCncq4njQthsiHzy7kiagDZg9fqBhjIUz/oMC:433GH6YkkvaCncvnKhs575aF9WaGi

    • Score

      7/10

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Target

      ESP32_Code/ESP32_Code.ino

    • Size

      31KB

    • MD5

      f0a120c3517cbfe115215bbc12330cdc

    • SHA1

      4215d28434044a012b0b0bdcb228a02803caf273

    • SHA256

      ec8b30b173e9c67fc6f82d74617009b021be753fa94db2aee713604d844c0b1a

    • SHA512

      ae5fb4bcf90120622e187d4a6c0da763bc4553b2ebaca50af480e1d028f5ae4d3037385719e1a444d31377331aee1e229820ecc56eb1f48d475da86c8a9bb92d

    • SSDEEP

      384:42f8ULk+LHTkuJLaS2tGsd2xwJFhxWPfNVnMdGoJ/SIk9UKvMhgObPcLz5SnCOB:ttHTFLcv2xwJFhxKfNJeGm1Bvlbj

    • Score

      1/10

    • Target

      ESP8266_Code/ESP8266_Code.ino

    • Size

      25KB

    • MD5

      2fd5e793f4cf9e3334b368975a84370a

    • SHA1

      040d6ef9008c72b938ab5b229f5251a8ef502fe2

    • SHA256

      d363fa35a51b237d11825f11e6fa89205c6cd3cfd1ede3581f298a2a4076a473

    • SHA512

      16983e3a7cd7c235672f806de6ef01a4a05c0e557dbaf313bfdab63913cf53998f0a0588aadeed4982a569074d3ef9f1b75cd38c678a2f7d0930e0af9f4ab251

    • SSDEEP

      384:H2ryzQptNlz4sBV8UZk6xjOGdsbOgkhCvHsAFTX7Pn7GHJS0bueakw3:gyzslzFZSpbOgkhCvHsAFTrPn7H0bO

    • Score

      1/10

    • Target

      PC_Miner.exe

    • Size

      9.7MB

    • MD5

      70c361b9ee66e7546564828cce1cf0bd

    • SHA1

      07a84185084e8512abcbb1b595e25c05ee21f357

    • SHA256

      628d7bae60b0a6019637b21cd72f0b985edd3ada285d4601fc8d6344d250c326

    • SHA512

      3669b255623f7b68eae35a6239bafe9e246533721c574825727b8279841666698a6e46b65f98c10dd4e2b3be4e1eae9ff549074ea847eb3c244ee615d39fd036

    • SSDEEP

      196608:fLPIEICteEroXxzaxG6NIyzlu8pgsEFMzJMdv33U5OwVBIZvH6jOz:7IEInEroXhakuIyzlu8pfEFMJGv33IHO

    • Score

      7/10

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Target

      Wallet.exe

    • Size

      6.6MB

    • MD5

      d5d3d568bc716a7a726ce88200a7cd29

    • SHA1

      c5246366cba74ae43555b195c61bbe566b09534d

    • SHA256

      3a9683911e0a4613a475f11f1881a2dac6723eecba89db9ceb30c2804c580f1a

    • SHA512

      e945413bbb3f29ec6dda54403b1fc4741b50f6cc91fc0ba434302e0ff50117a4db9d882aca3ebf9e9258e447e5be44100bdef19df5e094e8aaa3955dd747a14a

    • SSDEEP

      196608:7qgFpymvdsCncs4njQthsiHzy7k7yZRAj6KhV4/oDw:/BvaCncNnKhs57I0e6x

    • Score

      7/10

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic               Technique                            Count  ID
  Persistence          Registry Run Keys / Startup Folder   1      T1060
  Defense Evasion      Modify Registry                      1      T1112
  Discovery            Query Registry                       3      T1012
  Discovery            System Information Discovery         4      T1082
  Command and Control  Web Service                          3      T1102
