General
-
Target
918a866f41a7885284135f4fcd66c080.exe
-
Size
2.1MB
-
Sample
221129-h8eawsgg42
-
MD5
918a866f41a7885284135f4fcd66c080
-
SHA1
8bc703d4ec0a8b66ede518c0df2074e75f7b0204
-
SHA256
b41c29b2db195c563b7f2bfee83f341700b53bfb0827a847a1918496ec9c4e5b
-
SHA512
2c42377873b2cd791b100c89f37b0185ae2ff6dd7e283cf2aedf2cdd7a4fab1a355b71193d0be8cc0cc79b781a9ca1fbdc43c83de33ec70bdf942a6da64b3575
-
SSDEEP
49152:c5M1AHcWUr7Oe6ffETtcdR045tFs8iV6a1k8:asUcWUr7OeWfEadR0SDs83ek
Static task
static1
Behavioral task
behavioral1
Sample
918a866f41a7885284135f4fcd66c080.exe
Resource
win7-20220812-en
Malware Config
Targets
-
-
Target
918a866f41a7885284135f4fcd66c080.exe
-
Size
2.1MB
-
MD5
918a866f41a7885284135f4fcd66c080
-
SHA1
8bc703d4ec0a8b66ede518c0df2074e75f7b0204
-
SHA256
b41c29b2db195c563b7f2bfee83f341700b53bfb0827a847a1918496ec9c4e5b
-
SHA512
2c42377873b2cd791b100c89f37b0185ae2ff6dd7e283cf2aedf2cdd7a4fab1a355b71193d0be8cc0cc79b781a9ca1fbdc43c83de33ec70bdf942a6da64b3575
-
SSDEEP
49152:c5M1AHcWUr7Oe6ffETtcdR045tFs8iV6a1k8:asUcWUr7OeWfEadR0SDs83ek
-
XMRig Miner payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-