General

  • Target: setup.exe
  • Size: 258KB
  • Sample: 230331-a2b8ysga38
  • MD5: 041b96460a5646b883436e0b327829eb
  • SHA1: 52cff10434f104bda83a988f34c6206563d458b5
  • SHA256: 831de4f721d72790aa397a9f8ad7b02eaf86b4d522748452922260b0b2127d92
  • SHA512: 1182b0eaac12030b3a90e701ba0c1973bcbbeec0283341a84980648bcab23d4a8bc4bddb49197783d5ca0adb6f236ee7e46ea22e640b8f6cd74487dc3aac96ba
  • SSDEEP: 6144:otjpISgwKH0fqmTSyteqsmri+c2Y7PFT5X8WBIP0GQkA7Hi6SicHQ9:mjRgwnf9Wmri+c2WPF9XsP0GQkALSnu
  • Score: 10/10

Malware Config

Targets

    • Target: setup.exe (258KB; same MD5/SHA1/SHA256/SHA512/SSDEEP values as listed under General)

    • Score: 10/10

    • XMRig Miner payload
    • xmrig: XMRig is a high performance, open source, cross platform CPU/GPU miner.
    • Downloads MZ/PE file
    • Drops file in Drivers directory
    • Executes dropped EXE
    • Legitimate hosting services abused for malware hosting/C2
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                Technique        Count  ID
  Execution             Scheduled Task   1      T1053
  Persistence           Scheduled Task   1      T1053
  Privilege Escalation  Scheduled Task   1      T1053
  Command and Control   Web Service      1      T1102

Tasks