General

  • Target

    file.exe

  • Size

    3.2MB

  • Sample

    230719-1yb2wsbh91

  • MD5

    3a20a6145a7a57af149bfd110fdd6300

  • SHA1

    7626cf05a564a565d17cb85aaf6b93c871c3de91

  • SHA256

    8e9e34d70a388ee2721911e266e68ebfcdaf460803fa1baf66f9b6cbf560b2a9

  • SHA512

    182bf26f7d072d56a0435c4a088baa2d5d1d58c8c048c7f517a91177ee6cec52f3e83e2bfbaf5f046265117281daf059d6bca39cecd5fa279ff081f7fff9319d

  • SSDEEP

    49152:2PtyRSv3AJhGiPWGhUyJ4STSVP1JXrb2XpZofxX3ePG0cid7X9MJM5r:EcRe388iPWGmyJ5GV7n2XjOXeGxihrr

Score
10/10

Malware Config

Targets

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • XMRig Miner payload

    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks