Overview

overview

10

Static

static

3

F-VPN.exe

windows7-x64

10

F-VPN.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    F-VPN.exe

  • Size

    7.1MB

  • Sample

    230701-kd2h2sgc97

  • MD5

    7106aab423db77a92c6e97a70bc8ef84

  • SHA1

    ffa5faac3ffd055869f5e5ee1a8106dc6a6cdea7

  • SHA256

    bf92cc39c4a885688598416d73f1d720023b7ff573224ab6b0790a042983245b

  • SHA512

    76fe0b1fbe366708ad53bbaa67a686e4fe7c5f59099c4143c88c032d0d3fdea977af7f4c43b93f8a6108ccb7a6c2361a7bed91de8f99e00e248275d781e18c2a

  • SSDEEP

    196608:l4R4y6i8QjS6/4osJem6/QBDpnDpxGTlO9enTtK6eq/g:y4O8QjVsJe//ANnD6TE9ecv3

Score
10/10
xmrigminer

Malware Config

Targets

    • Target

      F-VPN.exe

    • Size

      7.1MB

    • MD5

      7106aab423db77a92c6e97a70bc8ef84

    • SHA1

      ffa5faac3ffd055869f5e5ee1a8106dc6a6cdea7

    • SHA256

      bf92cc39c4a885688598416d73f1d720023b7ff573224ab6b0790a042983245b

    • SHA512

      76fe0b1fbe366708ad53bbaa67a686e4fe7c5f59099c4143c88c032d0d3fdea977af7f4c43b93f8a6108ccb7a6c2361a7bed91de8f99e00e248275d781e18c2a

    • SSDEEP

      196608:l4R4y6i8QjS6/4osJem6/QBDpnDpxGTlO9enTtK6eq/g:y4O8QjVsJe//ANnD6TE9ecv3

    Score
    10/10
    xmrigminer

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner payload

      miner

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks