xmrig

Sharing

Copy URL

Twitter E-mail

General

Target

PentagonRAT.zip
Size

18.9MB
Sample

230327-1hlw6ahd4z
MD5

4f866072236a55514a94be9dcf168223
SHA1

a30edbe7a06a55755a072d346135acfda24c568d
SHA256

7ff87dcb5532a742f2220e1e0a621ac802a1130109562f284b6083ec87274a6d
SHA512

8aadd9c15bb8dca001de548063c419d30f063a137e5078fc726498d61055ffdc84d8d7da78156d921ca635d55c9961a067555e0f9ec4bf2da735b17d334204e1
SSDEEP

393216:Odb5eycyyIIm07Nlul5dVqcjEHTi8QCr/ORab75SZ5gsS5:4GyyZm+fur33otQCjYO7IgF

Score

10^/10

Malware Config

Targets

- Target
  
  PentagonRAT/Bunifu_UI_v1.52.dll
- Size
  
  220KB
- MD5
  
  3764580d568e4fc506048e04db90562c
- SHA1
  
  e8d2771a4891ad7b751c4ac153f599d7d58ebd31
- SHA256
  
  27c8cea7e793ace737415881a5c16b4e2d98ce46609d272e82c6c905ad2d9f36
- SHA512
  
  fdc11be9388034404c9c71a60374486ff15d552bd8e9f7f74ca345e7d40df20dcb992e6d4e7b509e31e53c910e33ed8e275467da92c30193d6fab16934491763
- SSDEEP
  
  3072:UYZOzNgqlPPL42pFzo3tgyGkToR74K5BC6u+QVTNDcHaDDPuD6bl4:UYZYgEr44Fzo3tFIEKiJNDcHKPueb
Score

1^/10
behavioral1
- Target
  
  PentagonRAT/DevComponents.DotNetBar2.dll
- Size
  
  4.9MB
- MD5
  
  c554d8572ce8619ec94597fcbfef09d7
- SHA1
  
  b2e2fbfbe4e3747d824f5d6cabb5607275559929
- SHA256
  
  2e16f7eb5e8aa4ef66a1c0cc5e4b72290c3182d6f3d0a71f32d13fd2db732ef5
- SHA512
  
  73c08723319ebddc2023ea1436c27583894834f6667640de09c967cf149e7d564486ede7d256abad4987e6b4a30b994383095a2c969069a71be481531790a85b
- SSDEEP
  
  49152:jfbOajjkPV5M6BEng14kVsAtLMu5fnChs/V7aqONj9o0eXDRNnxfJtqUrSPNk/0R:GajjQ5M6Bcg1uAt3/VuqON
Score

1^/10
behavioral2
- Target
  
  PentagonRAT/Microsoft.VisualBasic.PowerPacks.Vs.dll
- Size
  
  253KB
- MD5
  
  3043e28485406c6ec7fb0b04a823bc8b
- SHA1
  
  86df606b2c3baaf8815a865335e1ab271de351c2
- SHA256
  
  a38189bdd330e7d2cf09b9662a910af6cac4ad15cba7e70891e364ae74b09b0e
- SHA512
  
  cb41d201bb1f5175c3af516014012881dd8bb87ff454c9a6082ab315f5c4d13521c93e3afd089ca9222dc4ffe8271efa0ad66141f4cdc4560d38893d1be5955d
- SSDEEP
  
  6144:2Efg1Rair3cRDM7sri+74KLDKzmJm73C5161Ddw:tfg1RCxmsri+74zu/eS
Score

1^/10
behavioral3
- Target
  
  PentagonRAT/Mono.Cecil.dll
- Size
  
  305KB
- MD5
  
  851ec9d84343fbd089520d420348a902
- SHA1
  
  f8e2a80130058e4db3cf569cf4297d07d05c93e0
- SHA256
  
  cdadc26c09f869e21053ee1a0acf3b2d11df8edd599fe9c377bd4d3ce1c9cda9
- SHA512
  
  5e1d1b953fda4a905749eff8c4133a164748ba08c4854348539d335cf53c873eae7c653807a2701bf307693a049ae6c523bd1497a8e659bdea0a71085a58a5f1
- SSDEEP
  
  6144:ueMQM/aMOZabe3h1PtRjAqmYVNf3yTXcYBbt6KMBhu:uF/aMDb8BtRjA7XcYNclB
Score

1^/10
behavioral4
- Target
  
  PentagonRAT/Notificação.dll
- Size
  
  28KB
- MD5
  
  d829e5b1c0b11de40392ca48119579f1
- SHA1
  
  cbebbfb4550ee58220bc9e1bececcc6ac26d7667
- SHA256
  
  e490580642f1fb434fa82cff519a67e2c946ab6b1a996b7548090efa880d1a2f
- SHA512
  
  0fbbc283ab455c71c67fca0d08036c7b75829182245f1e25cc786f2d7e8195751a4eb5f6985cd604a17ea3753ac9126c9b09c7965a14e4e358033bae0cbb35cf
- SSDEEP
  
  384:QEB8TCduPEuokwNwAmkTDB+7HKNUaycIRByyanHCFUOFPwzPwLPwpPwJPwqnPwgz:ReYB++NUnBB36HVOhq4D7
Score

1^/10
behavioral5
- Target
  
  PentagonRAT/PentagonRAT Final Relasex.exe
- Size
  
  14.3MB
- MD5
  
  f087be9767a592fe6c3dcd79c5263f9d
- SHA1
  
  e81da1cac167705c60ea6831b6941b2b4aa3814d
- SHA256
  
  af43615598656605d2d8ce83fcecbe798456859bcd54acd5da3ce02de4dd5527
- SHA512
  
  c9d3cb29b7387999e49576afbcab850b2bd3e1769438e5c584c2d78c4e05236de40ef85885b463b4c197afe6c32e93a8ac95d02dd350841d69895ce5f3b26559
- SSDEEP
  
  393216:TWQtr5uX5PHGBhMVpwygcrzw9WrPTEPjyko:/tFuJvY65gc3mCPwe
Score

10^/10

xmrig evasion miner
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops file in System32 directory
behavioral6
- Target
  
  PentagonRAT/Plugin/Notificação.dll
- Size
  
  28KB
- MD5
  
  d829e5b1c0b11de40392ca48119579f1
- SHA1
  
  cbebbfb4550ee58220bc9e1bececcc6ac26d7667
- SHA256
  
  e490580642f1fb434fa82cff519a67e2c946ab6b1a996b7548090efa880d1a2f
- SHA512
  
  0fbbc283ab455c71c67fca0d08036c7b75829182245f1e25cc786f2d7e8195751a4eb5f6985cd604a17ea3753ac9126c9b09c7965a14e4e358033bae0cbb35cf
- SSDEEP
  
  384:QEB8TCduPEuokwNwAmkTDB+7HKNUaycIRByyanHCFUOFPwzPwLPwpPwJPwqnPwgz:ReYB++NUnBB36HVOhq4D7
Score

1^/10
behavioral7
- Target
  
  PentagonRAT/Plugin/cam.dll
- Size
  
  63KB
- MD5
  
  0d4ab8410480ff4e1cb47a83b8c4c53c
- SHA1
  
  87b5b1af02874f842ad5dbfd8a3cdec39bf25cfc
- SHA256
  
  e6f0cbfc23e3e19f0152167c7fe0029b91b2a378e535475b1abda2f34e2bdaff
- SHA512
  
  172a29105102836cacf9cfc52678b53026d6e7cd4a42fb70011e57c0b0c89eac4184c68f83a213e83b7f752cdf73ac5613638b0d75ea01d16320ae8e4a72dce1
- SSDEEP
  
  768:b5Svr1ThGIYTiuPbw4mOz9x3OSYNr+sL0twd9oZ7LmMxx8wW2epiN+K6seBL8Pov:UrC6OzLOSsr+o0eW7LhxxxbepigBoPG
Score

1^/10
behavioral8
- Target
  
  PentagonRAT/Plugin/ch.dll
- Size
  
  13KB
- MD5
  
  f6858cac29dc6961378ba20409ce01e9
- SHA1
  
  b9b7641a2ac35ce9c9df0f347cd2a7ad1050e853
- SHA256
  
  c8f824e44de97fcb6afbd9846b725408c62a003ef265d97955d9a61601f0f011
- SHA512
  
  74a32b92951ccb39ba67ab2be00fa45492921453d40e4f37ab86abef376ca0bc3369cd190073a70fa96a3bdeae9b12a77573d804e78d04aadcb2f2a2fa8a61b5
- SSDEEP
  
  192:TtS88rZZwYo8A6X1ybv4GHnR2e+KChMMwYIXU4MPFO:xS88NBo8+9f+xhMMwYIXU
Score

1^/10
behavioral9
- Target
  
  PentagonRAT/Plugin/fm.dll
- Size
  
  13KB
- MD5
  
  f58a576923ff3827ac9d67287732401f
- SHA1
  
  6e1dfe4e5301efa24f71690d5f899edd54c1b579
- SHA256
  
  436bd675f8ae12e39162344a63fb87bbf99e3194ba27799b4faa1a30e3079dce
- SHA512
  
  4264b2ebc27782254cafbf80c9a1f4fe0616950240631ad1989d32c6cec826ca0033f699b7857c5e053f9b21f54784fbe8693438762467dfbf8954df3bc5f307
- SSDEEP
  
  192:6vO5ceRrQHyW2GO3HHWhUreYnWnlBkOiYgl:6vO5piHyW2G2H2+reYnWnlBkfYg
Score

1^/10
behavioral10
- Target
  
  PentagonRAT/Plugin/pw.dll
- Size
  
  37KB
- MD5
  
  4ee1a499e903cd0cb561682b4eb68a91
- SHA1
  
  a35866ff36a7ec0a226b8f814f3642185742020e
- SHA256
  
  efa05a4bb42843236ba64393be0cb5ff073baa9c71b308cfb052b2e317ac8715
- SHA512
  
  00def300ecd4c4e257bc1e7c67f6b9851853f54fc51c1da734f5927a140f4405baa10f7a6fa333013aa7cc8683cbaf14bf290d78618041955590710803c7e7f7
- SSDEEP
  
  768:mNdzkF9F2SbQiRbb34cEyiJ3nfSgT2VY:mNdgF9k4R/34cxkag0Y
Score

1^/10
behavioral11
- Target
  
  PentagonRAT/Plugin/sc2.dll
- Size
  
  10KB
- MD5
  
  fc2edece5e0350eedc88eb889eec3de8
- SHA1
  
  9ba24a132fb7fb86a25827c126224591fcf5f776
- SHA256
  
  3bd3e39e23fbc1c4f544911f5a5071ca0d77837cc101f8a80f6dabb740ce9121
- SHA512
  
  f6e3d3fb5571109acade35857f555c34c3a8bc836e059cd4262575f10718b72e73c278dcc525bb5e50333331cd7a96c115bfd7b05e3ebdf76c25d632690ed829
- SSDEEP
  
  192:B5hbf96wNDFlmbZTA6anEaaPs6v/43nJMqfOdiW:zPhOZaEaaPtv/43JRj
Score

1^/10
behavioral12
- Target
  
  PentagonRAT/Stub/MemoryDiagnostic.exe
- Size
  
  11KB
- MD5
  
  509445567ff64a14b2739291721005c7
- SHA1
  
  bbe87d6c5ab0b4eed21e22f6bad2828f43871e99
- SHA256
  
  08f5923ff24fb4839802eec097072014741cc463951d1fdcaa3ad08ee4171233
- SHA512
  
  4d2fcc00fdc3ae598de299bbf52f3e3dd1d72ac25c2edf78061af97fa8b77f6287b0f56d3168a60e2182ae56d6b817872175f500fde8f4f0c34749bb37800053
- SSDEEP
  
  192:cG5xyxZOxGvH1xVZTStSXnWj0qqcZIW1YNn/L9uYolDv7ZTubnMxb:cgGv/VUQXDqqcWn/LwzNTubMx
Score

1^/10
behavioral13
- Target
  
  PentagonRAT/Stub/Security.exe
- Size
  
  101KB
- MD5
  
  5a40bc3e16a86ba21538efbf0917f551
- SHA1
  
  48e5dded4eebf3c8a6ffb3b797036edc4fcabcfe
- SHA256
  
  e53b8df6d3b5e38f5b9b105465e208a1ef8ca61fdc2187b50464f0b5ab7873c1
- SHA512
  
  4096eb5c3c67678ba1010bf9706227e1b4c40948daaea935660dc1cff7a05571e01866ff9929b692b3ed3a1de8aafd72e5bcf9b34615efe22218a7610b953c8e
- SSDEEP
  
  3072:S80bdluU1HPqm6Rd4rKXxfUCHXxfUCnLbkEYBoNU:nBU1vqmuLXxfUCHXxfUCnLb7U
Score

3^/10
behavioral14
- Target
  
  PentagonRAT/UPX/mpress.exe
- Size
  
  101KB
- MD5
  
  8b632bfc3fe653a510cba277c2d699d1
- SHA1
  
  d6a57aa17e5eb51297def9bac04e574c1e36d9c7
- SHA256
  
  2852680c94a9d68cdab285012d9328a1ceca290db60c9e35155c2bb3e46a41b4
- SHA512
  
  b9ea70ed984d3b4a42eceb9f34f222b722c4c1985b79b368d769fe0fd1f19f037ffebe2cf938aa98ed450337836a7469d911848448d99223995f7fb3a9304587
- SSDEEP
  
  3072:S0+mlNniJkkKcfqBOb65VgB183gUGQ340HpL:SvmlNn4kkeOAVA1rUGh0Hp
Score

1^/10
behavioral15

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

T1053

Persistence

Modify Existing Service

T1031

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Targets

XMRig Miner payload

Modifies Windows Firewall

Checks computer location settings

Executes dropped EXE

Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15