General
-
Target
Reset_cln.exe
-
Size
9.4MB
-
Sample
221210-mmefzsab8s
-
MD5
61c98e80e70b0f3e3951dccff351644c
-
SHA1
541c48539d943c6bd261127829f1e29904a5b945
-
SHA256
14541883dc05d0e8e954b1de4d5c717ab7a215fa2472332971c6695038324371
-
SHA512
fba3db8b8c9be2a5e2646bcb313e947d5634989ffee31501f40f1d0c14f6633e39161d2c35393c3a33fedf65674cab2fcd55f817e03a803216db6d94ad5183ca
-
SSDEEP
196608:anzwdq6YMOwsdK+kVylAou8uuYV0Jui6cCVIAKdG1PT:AkUMOwoKvVypLUVNn7KdaT
Malware Config
Targets
-
-
Target
Reset_cln.exe
-
Size
9.4MB
-
MD5
61c98e80e70b0f3e3951dccff351644c
-
SHA1
541c48539d943c6bd261127829f1e29904a5b945
-
SHA256
14541883dc05d0e8e954b1de4d5c717ab7a215fa2472332971c6695038324371
-
SHA512
fba3db8b8c9be2a5e2646bcb313e947d5634989ffee31501f40f1d0c14f6633e39161d2c35393c3a33fedf65674cab2fcd55f817e03a803216db6d94ad5183ca
-
SSDEEP
196608:anzwdq6YMOwsdK+kVylAou8uuYV0Jui6cCVIAKdG1PT:AkUMOwoKvVypLUVNn7KdaT
Score10/10-
Modifies security service
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
XMRig Miner payload
-
Executes dropped EXE
-
Stops running service(s)
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Deletes itself
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-