General

  • Target: file.exe
  • Size: 779KB
  • Sample: 230411-yhhtdsge3x
  • MD5: 0d09bab273d2e6e9ddfe98be63a6500c
  • SHA1: 4af9a996d3a6359cb5870c5eba93b53d91e48c20
  • SHA256: 6b4bdd66b03091c41c55b66b2dcb706bcfbea63d9edb7b711dd99e377ae9f863
  • SHA512: bf9303258982c1ff5cd325b2dcff5797189d7dc13438f2e15967e5da78af8d62e4500225985129e1a6bc85285979de044d50cd81086492e33777c31b87e75990
  • SSDEEP: 12288:+ihzIYnerNITYUF0BPbrmQNpglLtODCGbBPN1g15YpCok9t9hGSDdz0kz:+Mneh+abrVpglJ8/a5YpCBH5DdJz

Score
10/10

Malware Config

Targets

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • XMRig Miner payload

    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks