General

  • Target

    file.exe

  • Size

    648KB

  • Sample

    230511-av7fhscf91

  • MD5

    632bffe7bf3bb5477a6627605dad9960

  • SHA1

    31cb12b1cfd8036c705fc94d93199ab51b04c4ff

  • SHA256

    2cb4f54c95cd9f9f60761974613969f5923be7e247282a6369557730a42a4ef2

  • SHA512

    7b8169b117c2058120bd4799464753c9ccc1a7daa3db1501c51a9de7d5b09b089be18ddf1f64be93666d47a39ca009b729828634dc2e641bb28c7a6b284f194e

  • SSDEEP

    12288:UTNcP5vvvd1gHHsD4MfGkodVtc+lWHG+/sDjIxiA44CNcx8:jP5vvvYHlkodVewARFxi540cx

Score
10/10

Malware Config

Targets

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks