General

  • Target: 42bf95c2a2fa7351fd81756bc7285495ecc31f4b37b280bdbd2b6116719d0244
  • Size: 1.4MB
  • Sample: 221129-3cacaagf23
  • MD5: 270f65170253f84fc8ade7b559b5a4bd
  • SHA1: 140d87fab0b3ab7988691f1816f80b97b5061e13
  • SHA256: 097d059e224b536c9c59223456fdb074ae01e4d99ab32ee07c2e4647e691bd65
  • SHA512: 108c5ce366f82718890f43362de595e594bca0cf899e2618866b804be4a1cedc8318ff6083bb64cf7145b59e6099874f27fe00c826bbcde9d2dae4741af2d3b0
  • SSDEEP: 24576:Ykaka4/cQR0chUvFHpmgWYC9MjxUSUJ6NPuaiGgYgaM9njvTSVXTJBss6z5JGx:xakfocgTCCOSayP1iGgdljvc4tJa

Score
10/10

Malware Config

Targets

    • Target: 42bf95c2a2fa7351fd81756bc7285495ecc31f4b37b280bdbd2b6116719d0244
    • Size: 2.5MB
    • MD5: 7dad5ca2096cbe129c0dade6cb2c915f
    • SHA1: 7ef1eeab904b7b3afcc9e203be5e664388eb3198
    • SHA256: 42bf95c2a2fa7351fd81756bc7285495ecc31f4b37b280bdbd2b6116719d0244
    • SHA512: 87c9f5f16722113221c2ab2f11a9c4238b5706d8853288b3fa63b8bfa0462916dac8d62ee25d49e887202fa102edcc92540ddfb8d71ef19821d0b6c8770726c5
    • SSDEEP: 24576:+5phTHwpeGenqhURy3e45mDyyg2lcV+q2lcV2sQ288nLS9XTJDsCSz1H3a:+5phTQpeZnqhURyOAbCC+fCc27n2wRHK

    Score
    10/10
    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • XMRig Miner payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                Technique                     Count  ID
  Execution             Scripting                     1      T1064
  Execution             Scheduled Task                1      T1053
  Persistence           Scheduled Task                1      T1053
  Privilege Escalation  Scheduled Task                1      T1053
  Defense Evasion       Scripting                     1      T1064
  Discovery             Query Registry                1      T1012
  Discovery             System Information Discovery  2      T1082

Tasks