General

  • Target

    060dcf3db41635a2f995e0ed15ddf9ffab0e3d462b15b91cd7b4626ca2f0a178

  • Size

    1MB

  • Sample

    221129-mzfjtaca77

  • MD5

    c9997fc1a83d922ad052768f2b34957b

  • SHA1

    8c5a6283fd2fd20ed7309728a572331c4a5c2ae8

  • SHA256

    060dcf3db41635a2f995e0ed15ddf9ffab0e3d462b15b91cd7b4626ca2f0a178

  • SHA512

    1f73c858c30ddc9199b61351a3827c651ae812e6cba6255a5c3362206157142361a84d2571bb4dd327f01ea70348a88a2e1e4c9d73ad80a7ffed4f97d7e7aeb6

  • SSDEEP

    49152:j2d8gd1orIde6fk6TwHdPtBqYiV6fFKCzYSHhdMe2hVq2RWrsgzfr8:j2Wgd1orIdeWk6odPXqY3tDlMe2ho2RE

Score
10/10

Malware Config

Targets

    • Target

      060dcf3db41635a2f995e0ed15ddf9ffab0e3d462b15b91cd7b4626ca2f0a178

    • Size

      1MB

    • MD5

      c9997fc1a83d922ad052768f2b34957b

    • SHA1

      8c5a6283fd2fd20ed7309728a572331c4a5c2ae8

    • SHA256

      060dcf3db41635a2f995e0ed15ddf9ffab0e3d462b15b91cd7b4626ca2f0a178

    • SHA512

      1f73c858c30ddc9199b61351a3827c651ae812e6cba6255a5c3362206157142361a84d2571bb4dd327f01ea70348a88a2e1e4c9d73ad80a7ffed4f97d7e7aeb6

    • SSDEEP

      49152:j2d8gd1orIde6fk6TwHdPtBqYiV6fFKCzYSHhdMe2hVq2RWrsgzfr8:j2Wgd1orIdeWk6odPXqY3tDlMe2ho2RE

    Score
    10/10
    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • XMRig Miner payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

        Execution

          Exfiltration

            Impact

              Initial Access

                Lateral Movement

                  Persistence

                  Privilege Escalation

                    Tasks