Resubmissions

25/04/2023, 13:06

230425-qb6mwacc7x 10

25/04/2023, 12:56

230425-p6tq5aad89 10

25/04/2023, 12:54

230425-p5dzaacc5s 10

General

  • Target

    4life kopalnia (vmka RAT!!!!).rar

  • Size

    15.8MB

  • Sample

    230425-qb6mwacc7x

  • MD5

    cbb1d251d53f06f2120315be4f1f60a7

  • SHA1

    f6faa01170df8e05a1d1e05ec2a3a2d572a7aee2

  • SHA256

    a64f74746190a2da55afe7b5b6a95e826c6aa70afda165b276489d1738783631

  • SHA512

    c3bc93d17d396a6f38b3fca7cb3154275b6029d8af000a699e19001b55d4bda6466b114e69bd0c3b1a84c8c72aa0e12d8a55500e5b81ab4b9df0011d9514e95b

  • SSDEEP

    393216:Sj9LbXygD9TU8xdbNpDCYTGxirRLEeu6C:SRLb79IkdJpDCIeiFLEeu6C

Malware Config

Targets

    • Target

      4BOT.exe

    • Size

      4.1MB

    • MD5

      6ce29e0f74ff2df208a44a3324472cb5

    • SHA1

      5653ceb3aa850ac17c862d910c9c0d3aa2d15bac

    • SHA256

      5eeb67c1b9e0fac082836a13b7c60157404ea376b0c910a5fbfb98df7f99f26e

    • SHA512

      b38d65de4b738044128fc40ce68aa9211805ab25bf6585fd21a7fc2c156f02fa14457dba618587a1ad4fee44e0ca9f51fa52ac7291656129d16d1c693222932a

    • SSDEEP

      98304:CGaVlKvrfPSEA4zeA9G2Z3IopMW9vSkkslgMNBKQxLOO705M:Y7KDfPpA4h/vl2slgMNQxO702

    • Modifies security service

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • XMRig Miner payload

    • Downloads MZ/PE file

    • Drops file in Drivers directory

    • Stops running service(s)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks whether UAC is enabled

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6