General
Target: c3pool7.bat
Size: 4KB
Sample: 230806-21gktsdg9y
MD5: 13e899d46060ac8afdf5f6cf24bee4cd
SHA1: 28750ce262bd03b0b64c088b2c6c5f9f36318f69
SHA256: 7ade6efc0209cfdf8ed8bfa290fefec1d377ebb999aed6fcdb2eab91cc61105f
SHA512: 8ee8f1df3f83eb456637d33f2bac494e1076320c839b1c52bcd12edd7096560b4ae218aed3403e9d71566da395574103ccd24127321d4b1450050ec53caaedba
SSDEEP: 96:djt+DMVGW8Zc44KVFZo2ZIr0yJ4im+Q39IvMV6kI:d2EPCc44aX2gO4iu3iO6kI
Static task
static1
Malware Config
Extracted: http://c3poolbat.oss-accelerate.aliyuncs.com/c3pool/WinRing0x64.sys
Extracted: http://c3poolbat.oss-accelerate.aliyuncs.com/c3pool/config.json
Extracted: http://c3poolbat.oss-accelerate.aliyuncs.com/c3pool/xmrig.exe
Extracted: http://c3poolbat.oss-accelerate.aliyuncs.com/c3pool/nssm.exe
Targets
Target: c3pool7.bat
XMRig Miner payload
Blocklisted process makes network request
Downloads MZ/PE file
Stops running service(s)
Executes dropped EXE