Extracted

Extracted

• • Target

    6c529743ff7449c8c9246fa358f7fcaed3e3744acdb63dced608a1d964d709fe

  • Size

    534KB

  • MD5

    b1124e358c72fd337d7f1bb1aef6944c

  • SHA1

    79a391da59254e2a7cbaa9cc1b7f88c37fbbd8d7

  • SHA256

    6c529743ff7449c8c9246fa358f7fcaed3e3744acdb63dced608a1d964d709fe

  • SHA512

    2d163e0005f3953bff9bbecb5766c4f47452540e913f8b2936fe6b2b794d5caeb42c3cb33e33490e22f4af7717cc3c777a4646a770ed3f6b3af8cb3fd6b89dc4

  • SSDEEP

    6144:M+AUxvdjNgBoHFIZ0YesFZITJuUQnJC3zj7j49fV:4QNg2FTJuUQnUPfmV

  Score

  10^/10

  gluptebasmokeloaderxmrigup3backdoordiscoverydropperloaderminertrojan

  • Glupteba

    Glupteba is a modular loader written in Golang with various components.

    loaderdropperglupteba

  • Glupteba payload

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig

  • XMRig Miner payload

    miner

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1