General

  • Target

    tmp

  • Size

    1.5MB

  • Sample

    230103-wd91zacc27

  • MD5

    4c8d2d06487d07ec350aa5c5d699bb55

  • SHA1

    adc4aa68f5aa4b0ea3f9a2ee82100234caea5b2d

  • SHA256

    5fe74ecfd6a9eeef45bed3760e4511c300dc843d17120361e5abd021cc107567

  • SHA512

    37f5dcf4a4e5f02c5dfb0d4c5cb18d4980efe387572fc3a50fa0d53a23c4403d8c17dbf2df9fa5bb647c0eb1f0a24d4c86e19aa2fb73b447c6cd62c6652b6bab

  • SSDEEP

    24576:BjhhhkB/Aw/ApZAZv8743EDweFLBNlYesa49t03jN0AK+HoD5PD:Rhhh6FQcv883EDhp5x4S0AKp9

Score
9/10

Malware Config

Targets

    • Detects Phoenix Miner Payload

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks