General
-
Target
KPehvv7c439w9MBh.zip
-
Size
23.7MB
-
Sample
230907-xzr8qadd57
-
MD5
ce8c3a19c02171ee08102ad4551e8b6c
-
SHA1
6ca8b13fe4d67d315aa478183847c89597470b1d
-
SHA256
118a83cef7804742f9bc8f11c9deea34b84c35d65edca3036667edbd02dc7df8
-
SHA512
8ec7e27b75afaea43bffba6e7dc86ded309e9fd96a5a1b94d14e7f698e014e34ec856914454e212ec203c19c2671b1465d896659e988cb80a769627e16ea1804
-
SSDEEP
393216:LBuZ61iW8XBuZ61iW87BuZ61iW8bBuZ61iW8iBuZ61iW8tBuZ61iW8HBuZ61iW8b:L8wC8w+8wG8wX8wc8wy8wj8wX8wC8wNj
Malware Config
Targets
-
-
Target
QNREJhVYDhHk52cq3.exe
-
Size
2.0MB
-
MD5
a16a669a09bf158058b83e04e69fe38e
-
SHA1
f6c94763850d9e590d86057139e8895a7aacdeea
-
SHA256
cacc0261ccf7578ef5c1f9fdbe35705ad91070d020a4225e05cbf71a6103ac8e
-
SHA512
658b52ad1d27becee5b5bbd443d43da38b88d49880e72c8cb843f176a2d84d571b39c34dbc7cfb7ea56acc548acc5b68cce47a8bcf9d173feec031f7e33a09c6
-
SSDEEP
49152:rWVipAxqo5p88CbXuxWQiSJU320ZW21Q0YWAij64ane6szjmL/45:rxAEcp9ueXit9WAQ0YWuO
Score10/10-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
XMRig Miner payload
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
-
-
Target
RmJBfzgfbWELMdgn.exe
-
Size
2.0MB
-
MD5
a16a669a09bf158058b83e04e69fe38e
-
SHA1
f6c94763850d9e590d86057139e8895a7aacdeea
-
SHA256
cacc0261ccf7578ef5c1f9fdbe35705ad91070d020a4225e05cbf71a6103ac8e
-
SHA512
658b52ad1d27becee5b5bbd443d43da38b88d49880e72c8cb843f176a2d84d571b39c34dbc7cfb7ea56acc548acc5b68cce47a8bcf9d173feec031f7e33a09c6
-
SSDEEP
49152:rWVipAxqo5p88CbXuxWQiSJU320ZW21Q0YWAij64ane6szjmL/45:rxAEcp9ueXit9WAQ0YWuO
Score10/10-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
XMRig Miner payload
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
-
-
Target
TTVw7dDmSpz5mwee.exe
-
Size
2.0MB
-
MD5
a16a669a09bf158058b83e04e69fe38e
-
SHA1
f6c94763850d9e590d86057139e8895a7aacdeea
-
SHA256
cacc0261ccf7578ef5c1f9fdbe35705ad91070d020a4225e05cbf71a6103ac8e
-
SHA512
658b52ad1d27becee5b5bbd443d43da38b88d49880e72c8cb843f176a2d84d571b39c34dbc7cfb7ea56acc548acc5b68cce47a8bcf9d173feec031f7e33a09c6
-
SSDEEP
49152:rWVipAxqo5p88CbXuxWQiSJU320ZW21Q0YWAij64ane6szjmL/45:rxAEcp9ueXit9WAQ0YWuO
Score10/10-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
XMRig Miner payload
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
-
-
Target
qM5GMXBk6hJE6Y5e (16).exe
-
Size
2.0MB
-
MD5
a16a669a09bf158058b83e04e69fe38e
-
SHA1
f6c94763850d9e590d86057139e8895a7aacdeea
-
SHA256
cacc0261ccf7578ef5c1f9fdbe35705ad91070d020a4225e05cbf71a6103ac8e
-
SHA512
658b52ad1d27becee5b5bbd443d43da38b88d49880e72c8cb843f176a2d84d571b39c34dbc7cfb7ea56acc548acc5b68cce47a8bcf9d173feec031f7e33a09c6
-
SSDEEP
49152:rWVipAxqo5p88CbXuxWQiSJU320ZW21Q0YWAij64ane6szjmL/45:rxAEcp9ueXit9WAQ0YWuO
Score10/10-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
XMRig Miner payload
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
-
-
Target
qM5GMXBk6hJE6Y5e (19).exe
-
Size
2.0MB
-
MD5
a16a669a09bf158058b83e04e69fe38e
-
SHA1
f6c94763850d9e590d86057139e8895a7aacdeea
-
SHA256
cacc0261ccf7578ef5c1f9fdbe35705ad91070d020a4225e05cbf71a6103ac8e
-
SHA512
658b52ad1d27becee5b5bbd443d43da38b88d49880e72c8cb843f176a2d84d571b39c34dbc7cfb7ea56acc548acc5b68cce47a8bcf9d173feec031f7e33a09c6
-
SSDEEP
49152:rWVipAxqo5p88CbXuxWQiSJU320ZW21Q0YWAij64ane6szjmL/45:rxAEcp9ueXit9WAQ0YWuO
Score10/10-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
XMRig Miner payload
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
-
-
Target
qM5GMXBk6hJE6Y5e (4).exe
-
Size
2.0MB
-
MD5
a16a669a09bf158058b83e04e69fe38e
-
SHA1
f6c94763850d9e590d86057139e8895a7aacdeea
-
SHA256
cacc0261ccf7578ef5c1f9fdbe35705ad91070d020a4225e05cbf71a6103ac8e
-
SHA512
658b52ad1d27becee5b5bbd443d43da38b88d49880e72c8cb843f176a2d84d571b39c34dbc7cfb7ea56acc548acc5b68cce47a8bcf9d173feec031f7e33a09c6
-
SSDEEP
49152:rWVipAxqo5p88CbXuxWQiSJU320ZW21Q0YWAij64ane6szjmL/45:rxAEcp9ueXit9WAQ0YWuO
Score10/10-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
XMRig Miner payload
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
-
-
Target
qM5GMXBk6hJE6Y5e(13).exe
-
Size
2.0MB
-
MD5
a16a669a09bf158058b83e04e69fe38e
-
SHA1
f6c94763850d9e590d86057139e8895a7aacdeea
-
SHA256
cacc0261ccf7578ef5c1f9fdbe35705ad91070d020a4225e05cbf71a6103ac8e
-
SHA512
658b52ad1d27becee5b5bbd443d43da38b88d49880e72c8cb843f176a2d84d571b39c34dbc7cfb7ea56acc548acc5b68cce47a8bcf9d173feec031f7e33a09c6
-
SSDEEP
49152:rWVipAxqo5p88CbXuxWQiSJU320ZW21Q0YWAij64ane6szjmL/45:rxAEcp9ueXit9WAQ0YWuO
Score10/10-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
XMRig Miner payload
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
-
-
Target
qM5GMXBk6hJE6Y5e(14).exe
-
Size
2.0MB
-
MD5
a16a669a09bf158058b83e04e69fe38e
-
SHA1
f6c94763850d9e590d86057139e8895a7aacdeea
-
SHA256
cacc0261ccf7578ef5c1f9fdbe35705ad91070d020a4225e05cbf71a6103ac8e
-
SHA512
658b52ad1d27becee5b5bbd443d43da38b88d49880e72c8cb843f176a2d84d571b39c34dbc7cfb7ea56acc548acc5b68cce47a8bcf9d173feec031f7e33a09c6
-
SSDEEP
49152:rWVipAxqo5p88CbXuxWQiSJU320ZW21Q0YWAij64ane6szjmL/45:rxAEcp9ueXit9WAQ0YWuO
Score10/10-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
XMRig Miner payload
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
-
-
Target
qM5GMXBk6hJE6Y5e(15).exe
-
Size
2.0MB
-
MD5
a16a669a09bf158058b83e04e69fe38e
-
SHA1
f6c94763850d9e590d86057139e8895a7aacdeea
-
SHA256
cacc0261ccf7578ef5c1f9fdbe35705ad91070d020a4225e05cbf71a6103ac8e
-
SHA512
658b52ad1d27becee5b5bbd443d43da38b88d49880e72c8cb843f176a2d84d571b39c34dbc7cfb7ea56acc548acc5b68cce47a8bcf9d173feec031f7e33a09c6
-
SSDEEP
49152:rWVipAxqo5p88CbXuxWQiSJU320ZW21Q0YWAij64ane6szjmL/45:rxAEcp9ueXit9WAQ0YWuO
Score10/10-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
XMRig Miner payload
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
-
-
Target
qM5GMXBk6hJE6Y5e(17).exe
-
Size
2.0MB
-
MD5
a16a669a09bf158058b83e04e69fe38e
-
SHA1
f6c94763850d9e590d86057139e8895a7aacdeea
-
SHA256
cacc0261ccf7578ef5c1f9fdbe35705ad91070d020a4225e05cbf71a6103ac8e
-
SHA512
658b52ad1d27becee5b5bbd443d43da38b88d49880e72c8cb843f176a2d84d571b39c34dbc7cfb7ea56acc548acc5b68cce47a8bcf9d173feec031f7e33a09c6
-
SSDEEP
49152:rWVipAxqo5p88CbXuxWQiSJU320ZW21Q0YWAij64ane6szjmL/45:rxAEcp9ueXit9WAQ0YWuO
Score10/10-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
XMRig Miner payload
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
-
-
Target
qM5GMXBk6hJE6Y5e(18).exe
-
Size
2.0MB
-
MD5
a16a669a09bf158058b83e04e69fe38e
-
SHA1
f6c94763850d9e590d86057139e8895a7aacdeea
-
SHA256
cacc0261ccf7578ef5c1f9fdbe35705ad91070d020a4225e05cbf71a6103ac8e
-
SHA512
658b52ad1d27becee5b5bbd443d43da38b88d49880e72c8cb843f176a2d84d571b39c34dbc7cfb7ea56acc548acc5b68cce47a8bcf9d173feec031f7e33a09c6
-
SSDEEP
49152:rWVipAxqo5p88CbXuxWQiSJU320ZW21Q0YWAij64ane6szjmL/45:rxAEcp9ueXit9WAQ0YWuO
Score10/10-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
XMRig Miner payload
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
-
-
Target
qM5GMXBk6hJE6Y5e(6).exe
-
Size
2.0MB
-
MD5
a16a669a09bf158058b83e04e69fe38e
-
SHA1
f6c94763850d9e590d86057139e8895a7aacdeea
-
SHA256
cacc0261ccf7578ef5c1f9fdbe35705ad91070d020a4225e05cbf71a6103ac8e
-
SHA512
658b52ad1d27becee5b5bbd443d43da38b88d49880e72c8cb843f176a2d84d571b39c34dbc7cfb7ea56acc548acc5b68cce47a8bcf9d173feec031f7e33a09c6
-
SSDEEP
49152:rWVipAxqo5p88CbXuxWQiSJU320ZW21Q0YWAij64ane6szjmL/45:rxAEcp9ueXit9WAQ0YWuO
Score10/10-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
XMRig Miner payload
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-