Overview

overview

10

Static

static

1

6d1b84686d...d1.exe

windows7-x64

10

6d1b84686d...d1.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6d1b84686d5dd7d8b6d0ab310b5481d1.exe

  • Size

    9.8MB

  • Sample

    230713-j8e3vsgg9t

  • MD5

    6d1b84686d5dd7d8b6d0ab310b5481d1

  • SHA1

    0c6b0da06b402c1c2af43f56bb1be86b398030c3

  • SHA256

    c5ffcc379272858774a19b9d43122e1ec4b23154c5721b7d8975dd7783f3c636

  • SHA512

    0bb0e0bc9003f41a793e4238bdd673880badf37725c458e72923dbffb76d857bd58af925fcdb3fb9fb0fbc29e95a393fbeca0c9565614d6a8d4c8f4f626e238e

  • SSDEEP

    196608:dFgA7mLzVoOUJ071rCohiKyjDl9E1V8D7tB9AShx:dFgA7mLzqJ071rCo+eVq7tBbhx

Score
10/10
xmrigevasionminer

Malware Config

Targets

    • Target

      6d1b84686d5dd7d8b6d0ab310b5481d1.exe

    • Size

      9.8MB

    • MD5

      6d1b84686d5dd7d8b6d0ab310b5481d1

    • SHA1

      0c6b0da06b402c1c2af43f56bb1be86b398030c3

    • SHA256

      c5ffcc379272858774a19b9d43122e1ec4b23154c5721b7d8975dd7783f3c636

    • SHA512

      0bb0e0bc9003f41a793e4238bdd673880badf37725c458e72923dbffb76d857bd58af925fcdb3fb9fb0fbc29e95a393fbeca0c9565614d6a8d4c8f4f626e238e

    • SSDEEP

      196608:dFgA7mLzVoOUJ071rCohiKyjDl9E1V8D7tB9AShx:dFgA7mLzqJ071rCo+eVq7tBbhx

    Score
    10/10
    xmrigevasionminer

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner payload

      miner

    • Drops file in Drivers directory

    • Stops running service(s)

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks