General

  • Target

    04463334a6eae4cd5aa2e41bd17e3b25.bin

  • Size

    1.2MB

  • Sample

    230207-hn268ahh58

  • MD5

    417afe85deb01208a9bc0776655b94c6

  • SHA1

    ddfd5629ac3c519c4da345639e67d60fb713b756

  • SHA256

    ac81e8eca9a4b0b7fad900a469682e16981c69732551dfa9b3c026a0f6bbf80c

  • SHA512

    dd544a58a431558abec81c4aa5723a9e7ab6e6a54a46279848aa47a5127548a5181d0f0db29497bb432883bf8a110d64d27985a98438a8ce7de135c9b6d24842

  • SSDEEP

    24576:oFFNiBWUwrWNN+7YD+8aHx8Lhe7kNXTty+7z9xa5UUFf4v9XHGN:y8shqNRDNaHxeV40z9AUK4lWN

Score
10/10
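Before relying on a sandbox report, confirm that the sample on disk is the one the report describes. The script below is an added example, not part of the sandbox output: it computes the four digests listed on this page for a file and reports any mismatch against the report values, and it cross-checks the naming convention visible here (the submitted .bin is named after the MD5 of the executable it yields, and that executable is named after its own SHA256). The REPORT dictionary holds the values copied from the page; its field names and the helper functions are my own. SSDEEP is left out because it needs the separate ssdeep library.

```python
import hashlib

ALGOS = ("md5", "sha1", "sha256", "sha512")
CHUNK = 1 << 20  # read files in 1 MiB blocks so large samples do not sit in memory

# Values copied from the report (container = submitted file, target = extracted exe).
REPORT = {
    "container": {
        "name": "04463334a6eae4cd5aa2e41bd17e3b25.bin",
        "md5": "417afe85deb01208a9bc0776655b94c6",
        "sha1": "ddfd5629ac3c519c4da345639e67d60fb713b756",
        "sha256": "ac81e8eca9a4b0b7fad900a469682e16981c69732551dfa9b3c026a0f6bbf80c",
        "sha512": "dd544a58a431558abec81c4aa5723a9e7ab6e6a54a46279848aa47a5127548a5"
                  "181d0f0db29497bb432883bf8a110d64d27985a98438a8ce7de135c9b6d24842",
    },
    "target": {
        "name": "ac1585ecff0d275e852f9d35792879bda062537ae12267306108d55873987e90.exe",
        "md5": "04463334a6eae4cd5aa2e41bd17e3b25",
        "sha1": "fc7b80c27c655bd7de306c98cdbd810077babc15",
        "sha256": "ac1585ecff0d275e852f9d35792879bda062537ae12267306108d55873987e90",
        "sha512": "360339adafa78e2993f3c7ba10f615436900bd4e9407dced12827ca6d0971b8d"
                  "7c454611f12d1685f79354756a387a7d78ee6702ed1c5868793bbf4088dc780c",
    },
}


def digests_from_chunks(chunks):
    """Feed every chunk to all four hashers in one pass and return hex digests."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    for block in chunks:
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digests(data: bytes):
    """Digests of an in-memory buffer (handy for tests and carved payloads)."""
    return digests_from_chunks([data])


def file_digests(path):
    """Digests of a file on disk, streamed in CHUNK-sized blocks."""
    with open(path, "rb") as fh:
        return digests_from_chunks(iter(lambda: fh.read(CHUNK), b""))


def mismatches(actual, expected):
    """Return (algo, expected, actual) for every algorithm that disagrees.

    An empty list means the sample matches the report on all listed digests.
    Comparison is case-insensitive because reports and tools differ in hex case.
    """
    return [
        (algo, exp, actual.get(algo))
        for algo, exp in expected.items()
        if algo in ALGOS and (actual.get(algo) or "").lower() != exp.lower()
    ]


def report_names_consistent(report):
    """Check the naming convention the report itself exhibits.

    The submitted container is named after the extracted target's MD5 and the
    target is named after its own SHA256; any deviation is returned as text.
    """
    problems = []
    container, target = report["container"], report["target"]
    if container["name"].rsplit(".", 1)[0].lower() != target["md5"].lower():
        problems.append("container name is not the extracted target's MD5")
    if target["name"].rsplit(".", 1)[0].lower() != target["sha256"].lower():
        problems.append("target name is not its own SHA256")
    return problems


if __name__ == "__main__":
    import sys
    # Usage: python verify_sample.py <path-to-extracted-exe>
    print("report naming problems:", report_names_consistent(REPORT) or "none")
    if len(sys.argv) > 1:
        bad = mismatches(file_digests(sys.argv[1]), REPORT["target"])
        print("digest mismatches:", bad or "none")
```

Run it against the extracted executable; a non-empty mismatch list means you are not looking at the sample this report analysed (a repacked copy, a truncated download, or a different member of the archive).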

Malware Config

Targets

    • Target

      ac1585ecff0d275e852f9d35792879bda062537ae12267306108d55873987e90.exe

    • Size

      2.2MB

    • MD5

      04463334a6eae4cd5aa2e41bd17e3b25

    • SHA1

      fc7b80c27c655bd7de306c98cdbd810077babc15

    • SHA256

      ac1585ecff0d275e852f9d35792879bda062537ae12267306108d55873987e90

    • SHA512

      360339adafa78e2993f3c7ba10f615436900bd4e9407dced12827ca6d0971b8d7c454611f12d1685f79354756a387a7d78ee6702ed1c5868793bbf4088dc780c

    • SSDEEP

      49152:sOnjDmNlqKpXDCUOnjDmNlq/z90f0SpWtBnUhTUEdGloy2:XtU0SotBnUgOG

    Score
    10/10
    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • XMRig Miner payload

    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check that decides whether the sample runs based on the configured region.

    • Uses the VBS compiler for execution

      vbc.exe, the Visual Basic .NET compiler shipped with the .NET Framework, is a signed Microsoft binary; launching it is a common way to run or host injected code under a trusted process name.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites the register state of another thread. Outside debuggers it is mainly seen in process hollowing and thread hijacking, where a payload is written into a suspended process and the thread's entry point is redirected to it.
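The signatures above are atomic behaviours. As an added illustration, not the sandbox vendor's code, here is a small Python matcher that re-creates three of them over a constructed API trace and adds one combined check that goes beyond the report: it ties SetThreadContext to the classic hollowing sequence CreateProcess with CREATE_SUSPENDED, then WriteProcessMemory, SetThreadContext and ResumeThread on the same child. The registry keys used for the location check (HKCU\Control Panel\International\Geo\Nation, which holds the configured GeoID, and \International\Locale) are my assumption about what the sandbox signature keys on; the trace format, the hypothetical PIDs and the sample events are constructed for the example.

```python
import re
from collections import defaultdict

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit for CreateProcess

# Assumption: the location check reads one of these per-user registry keys.
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\(Geo\\Nation|Locale)$", re.IGNORECASE)

# Ordered steps of the hollowing pattern, all acting on one child process.
HOLLOW_SEQUENCE = ("CreateProcess", "WriteProcessMemory", "SetThreadContext", "ResumeThread")

# Constructed trace (not from the report): pid = caller, args = decoded parameters.
TRACE = [
    {"pid": 1001, "api": "RegOpenKeyExW",
     "args": {"key": r"HKCU\Control Panel\International\Geo\Nation"}},
    {"pid": 1001, "api": "RegQueryValueExW",
     "args": {"key": r"HKCU\Control Panel\International\Geo\Nation", "value": "Nation"}},
    {"pid": 1001, "api": "CreateProcessW",
     "args": {"image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
              "flags": CREATE_SUSPENDED, "child_pid": 1337}},
    {"pid": 1001, "api": "WriteProcessMemory", "args": {"target_pid": 1337, "size": 0x20000}},
    {"pid": 1001, "api": "SetThreadContext", "args": {"target_pid": 1337}},
    {"pid": 1001, "api": "ResumeThread", "args": {"target_pid": 1337}},
]


def base_name(api):
    """Strip the ANSI/Unicode suffix so CreateProcessA and CreateProcessW compare equal."""
    return api[:-1] if api.endswith(("A", "W")) else api


def is_subsequence(needle, hay):
    """True if every step of needle appears in hay in order (gaps allowed)."""
    remaining = iter(hay)
    return all(step in remaining for step in needle)


def match_signatures(trace):
    """Return {signature_name: [evidence, ...]} for the signatures the trace triggers."""
    hits = defaultdict(list)
    per_child = defaultdict(list)  # child pid -> ordered API steps touching it

    for event in trace:
        api, args = base_name(event["api"]), event["args"]

        # Checks computer location settings: any read of the geo/locale keys.
        if api.startswith(("RegOpenKey", "RegQueryValue")) and GEO_KEY_RE.search(args.get("key", "")):
            hits["checks_computer_location"].append(args["key"])

        # Uses the VBS compiler for execution: spawning vbc.exe from any path.
        if api == "CreateProcess":
            image = args.get("image", "").rsplit("\\", 1)[-1].lower()
            if image == "vbc.exe":
                hits["uses_vbs_compiler"].append(args["image"])
            if args.get("flags", 0) & CREATE_SUSPENDED:
                per_child[args["child_pid"]].append(api)

        # Suspicious use of SetThreadContext: the atomic signature from the report.
        if api == "SetThreadContext":
            hits["suspicious_setthreadcontext"].append(args.get("target_pid"))

        if api in ("WriteProcessMemory", "SetThreadContext", "ResumeThread") and "target_pid" in args:
            per_child[args["target_pid"]].append(api)

    # Combined check (beyond the report): full hollowing sequence on one suspended child.
    for child, steps in per_child.items():
        if is_subsequence(HOLLOW_SEQUENCE, steps):
            hits["process_hollowing_pattern"].append(child)

    return dict(hits)


if __name__ == "__main__":
    for name, evidence in match_signatures(TRACE).items():
        print(f"{name}: {evidence}")
```

The per-child sequencing is what turns a noisy single-API signature into a usable detection: SetThreadContext alone also fires on debuggers and some legitimate runtimes, whereas a suspended child that receives a memory write, a context change and a resume from the same parent is almost always injection.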

MITRE ATT&CK Enterprise v6

Tasks