General

  • Target

    b938598941bc685645ce1a2f7ae93e86.exe

  • Size

    9.8MB

  • Sample

    230719-2lhvcacb2t

  • MD5

    b938598941bc685645ce1a2f7ae93e86

  • SHA1

    056bb6dfb1f8223eefdb786d9d346766ed0ee98d

  • SHA256

    544e42d33423d4dc27edf3acb6edc56c77346e833a71b353c393e5bb7f8ccf85

  • SHA512

    69c1b008ea3d57aa9164f368d70a386fda523ec3cb43bea9ea53599592d805137cbf8fa009966f31d289bafe1bc059d6393265cb5f0a063fb7f19d018f91b861

  • SSDEEP

    196608:jgULpiWPCJcHhcdEkCu9g2LCseyu1WjUee7DJiSn616R/K:jt/icHhcd1C8ayu18U961r

Targets

    • Target

      b938598941bc685645ce1a2f7ae93e86.exe

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • XMRig Miner payload

    • Drops file in Drivers directory

    • Stops running service(s)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext