General
-
Target
7200c37d677e63exeexeexeex.exe
-
Size
8.9MB
-
Sample
230708-y69a9aah2t
-
MD5
7200c37d677e63a27a6272614ef79a8b
-
SHA1
affe66518b460aed9a8b2c0f09a6cd9b014f9198
-
SHA256
38acdb20877358793a17173ccb8f90a1a6bda0671339cc6a4c0ccd2adfed2abf
-
SHA512
380385695428e7a43141cf036c2ebc22bc4e69087e8cd1b7d055fb5ab730aec3f0aebe90ae80117e2a9791176255bb205cd4e48740f88dd47b3c13bf5deac7eb
-
SSDEEP
196608:MxygkmknGzwHdOgEPHd9BRX/nivPlTXTYo:Y5jz0E51/iv1
Behavioral task
behavioral1
Sample
7200c37d677e63exeexeexeex.exe
Resource
win7-20230703-en
Malware Config
Targets
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Contacts a large number (52000) of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
XMRig Miner payload
-
Mimikatz is an open-source tool for dumping credentials on Windows
-
Drops file in Drivers directory
-
Modifies Windows Firewall
-
Sets file execution options in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Creates a Windows Service
-
Drops file in System32 directory
-
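The signature list above is the sandbox's summary of observed behaviour. The following is an added example, written by the editor and not code from the report or from the sandbox's own rule engine: it replays a constructed set of sandbox-style events (registry writes, process creations, file writes, HTTP requests and TCP connections) against small rules that mirror each listed signature, so an analyst can see which observable produces which hit. The event schema, the rule names, the list of IP-echo hostnames and the host/flow thresholds are all assumptions; the report does not publish the sandbox's real cut-offs.

```python
"""Replay sandbox-style events against detection rules that mirror the
behavioural signatures listed in the report above.

Added example, not code from the original report and not the sandbox's own
rule engine: the event schema, thresholds, hostnames and sample events are
all constructed here for illustration."""
from collections import defaultdict
from urllib.parse import urlparse

# Constructed events in the form (kind, pid, detail). None are taken from
# the report; they are shaped to exercise the rules below.
SAMPLE_EVENTS = [
    ("reg_write", 1234,
     r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
     r"\Image File Execution Options\taskmgr.exe\Debugger"),
    ("reg_read", 1234,
     r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{GUID}\DisplayName"),
    ("proc_create", 1234,
     r"netsh advfirewall firewall add rule name=x dir=in action=allow program=C:\x.exe"),
    ("proc_create", 1234,
     r"sc create svcx binPath= C:\Windows\System32\drivers\x.sys type= kernel"),
    ("file_write", 1234, r"C:\Windows\System32\drivers\x.sys"),
    ("http_request", 1234, "http://api.ipify.org/"),
]
# 600 TCP connections to distinct hosts on port 445 from a single process.
SAMPLE_EVENTS += [
    ("tcp_connect", 1234, f"10.0.{i // 256}.{i % 256}:445") for i in range(600)
]

# Assumed thresholds; the sandbox's real cut-offs are not stated on the page.
HOST_SCAN_THRESHOLD = 500
FLOW_THRESHOLD = 500

# Hostnames of well-known IP-echo services (assumed list).
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com",
                   "ifconfig.me", "ip-api.com", "checkip.amazonaws.com"}


def run_rules(events):
    """Return {signature_name: hit_count} for every signature that fired."""
    hits = defaultdict(int)
    hosts_per_pid = defaultdict(set)   # distinct remote hosts per process
    flows_per_pid = defaultdict(int)   # total connections per process

    for kind, pid, detail in events:
        low = detail.lower()
        if kind == "reg_write" and "\\image file execution options\\" in low:
            # IFEO Debugger values redirect execution of the named binary.
            hits["Sets file execution options in registry"] += 1
        elif kind == "reg_read" and "\\currentversion\\uninstall\\" in low:
            hits["Checks installed software on the system"] += 1
        elif kind == "proc_create":
            argv = low.split()
            exe = argv[0].rsplit("\\", 1)[-1].removesuffix(".exe")
            if exe == "netsh" and "firewall" in argv:
                hits["Modifies Windows Firewall"] += 1
            elif exe == "sc" and len(argv) > 1 and argv[1] == "create":
                hits["Creates a Windows Service"] += 1
        elif kind == "file_write":
            # A driver drop matches both rules, as it does in the report.
            if "\\system32\\drivers\\" in low:
                hits["Drops file in Drivers directory"] += 1
            if "\\system32\\" in low:
                hits["Drops file in System32 directory"] += 1
        elif kind == "http_request":
            if (urlparse(detail).hostname or "").lower() in IP_LOOKUP_HOSTS:
                hits["Looks up external IP address via web service"] += 1
        elif kind == "tcp_connect":
            host = detail.rsplit(":", 1)[0]
            hosts_per_pid[pid].add(host)
            flows_per_pid[pid] += 1

    # Volume-based rules are evaluated per process after the pass.
    for hosts in hosts_per_pid.values():
        if len(hosts) >= HOST_SCAN_THRESHOLD:
            hits["Contacts a large amount of remote hosts"] += len(hosts)
    for count in flows_per_pid.values():
        if count >= FLOW_THRESHOLD:
            hits["Creates a large amount of network flows"] += count
    return dict(hits)


if __name__ == "__main__":
    for name, count in sorted(run_rules(SAMPLE_EVENTS).items()):
        print(f"{count:6d}  {name}")
```

The two volume rules are deliberately separate: a process can open many flows to one host (a beacon or a download) without touching many hosts, and only the distinct-host count is the scan indicator the report's wording points at.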