Extracted

• • Target

    Setup.exe

  • Size

    4.6MB

  • MD5

    bb2b9511686430b87050de9f08c2ee00

  • SHA1

    feb8169cdbe630f031e544f83a2fb91602cef66e

  • SHA256

    e4d521e8c1f8bc496fe8fcdf2e083f0ab341696723586c83c12c5b13013843c3

  • SHA512

    bcb9201aa95ecc98eca716b5857b1a239345d11e47574a2b3d18e36e7749cc6deab789d0925226b201093f1ba43d0b99c7cfc75511042577295e9151cf9960f5

  • SSDEEP

    49152:dR9E4Y11/XROYJ82hfTfzM1tPgxjt4pb5jJYkaP5EL2WtGifV9FKc0i7h01W7x:KjzRHD3jdErG4V9h7x

  Score

  10^/10

  xmrigminerspywarestealer

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig

  • XMRig Miner payload

    miner

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2