General

  • Target

    install.exe

  • Size

    71KB

  • Sample

    230208-a4msgafh2v

  • MD5

    84862aeda4f10279f6c1181bbc842ca1

  • SHA1

    3205b6e75684a05e1afa1e0e15eedfe5548bb1b0

  • SHA256

    0f26e57fdaae826c1af166660c08d2bde4a6b03864f30c7c6e1ce3cb036bcafa

  • SHA512

    2de9af8984eadc05980ecde207d11a73c606d8d2ea918f41a65b462f1403bd03881c5ef4370de4cfae4a23043d5a8a567e71282c15b146f01c1667b549f7e545

  • SSDEEP

    768:GgccWWhZ6V5rkNUQ36xOA82qLNm+N+Bek8j0X3/zEn2cUxsvpNg9F:GgcfWho5rkNp0OA8Fg8erEn2c/m9F

Score
10/10

Malware Config

Targets

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks