General

  • Target: a88b94f5031a3c41915f61d0d391ab64ecef5f82256602e42103c86eff77b2b6
  • Size: 1.6MB
  • Sample: 221129-xrwwyagb43
  • MD5: 839e207bb22ab8772befb8b594fdd877
  • SHA1: 6f59e4010dec8418fc4018628da61c363594b133
  • SHA256: a88b94f5031a3c41915f61d0d391ab64ecef5f82256602e42103c86eff77b2b6
  • SHA512: 8bdd1a56cf3ce7cffec62dbd13d04a44f285f46208e7f1664be98089e2f49fc9443df67c76231b550fd812c231a8e35e4ed5334ac8342948f9f958eeecbb06dd
  • SSDEEP: 24576:dPp4UF0HA9lFSrNQOwTtndYzCs2kTIrmyfbiV6RlvesOhlam6Oayh/oHW5:dPCFecr6/TtndakLiV6nvPOr/oHo

Score: 10/10

Malware Config

Targets

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload
    • Executes dropped EXE
    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Uses the VBS compiler for execution
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                 Technique                       ID     Count
  Execution              Scripting                       T1064  1
  Execution              Scheduled Task                  T1053  1
  Persistence            Scheduled Task                  T1053  1
  Privilege Escalation   Scheduled Task                  T1053  1
  Defense Evasion        Scripting                       T1064  1
  Discovery              Query Registry                  T1012  1
  Discovery              System Information Discovery    T1082  2
