General

  • Target

    7a90312b845d684d8f0a2ae95cfc5f616d00dd25cbcb172335a36dd90c3340c0

  • Size

    600KB

  • Sample

    221130-dnq2qsfc9z

  • MD5

    380db35deae657f4fab46d97f6d4faff

  • SHA1

    228e7a8cdbb4329f0e370d2a7952257d7bba101a

  • SHA256

    bd815dc2deab9e355f67b97c032c172be6444b939df066aedb8e60ee84fd6a33

  • SHA512

    3a575114147da263f938eafba407eeb7b76c14cdefa2ea27d6ab3e9ce1284f56fc94336023d50a873e64cbf59fb431b3b9817f4034a90136e5399c31b0cb65d6

  • SSDEEP

    12288:OCntmdCr4tMhP5aYJKHVncNbCQB6X/+hiYDq6Q:7t90tMhFJKNUE+Ej

Score
10/10

Malware Config

Targets

    • Target

      7a90312b845d684d8f0a2ae95cfc5f616d00dd25cbcb172335a36dd90c3340c0

    • Size

      648KB

    • MD5

      4f17d8dcc61d0dea7dd6c4cd0162b246

    • SHA1

      d3a2505f416a32ed98e71117db7188cf1a464c5d

    • SHA256

      7a90312b845d684d8f0a2ae95cfc5f616d00dd25cbcb172335a36dd90c3340c0

    • SHA512

      c4364d742f83dde0aec4a6120f5521bfff3df7e522eb43a3c9bcca6f3fbf3fdd000edb6aeceb2e4c84bebea46a6a3b110f538a982ce41919fb9f8da88ece98b2

    • SSDEEP

      12288:cm+6CtnUrur4tohP1aYZKHbncTnCQB6X/MJiY:x+rpX0tohhZKb+YM

    Score
    10/10
    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • XMRig Miner payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

        Execution

          Exfiltration

            Impact

              Initial Access

                Lateral Movement

                  Persistence

                  Privilege Escalation

                    Tasks