General

  • Target

    2db57ce54e3c9ee09054c858d89e9300.bin

  • Size

    205.9MB

  • Sample

    231031-bzfc9sfh2x

  • MD5

    2db57ce54e3c9ee09054c858d89e9300

  • SHA1

    eceb2f537bed937badcd1ff64eff898584f1a238

  • SHA256

    8374150f7e13d1cdc83fd837b81155268daa32c4cf645bbfa557f59c532d4e16

  • SHA512

    331ad9ac464b4370f1497c387e33ac86dbffe0aff418f8e458ff528a10477ce865eefa07e7313f3cbaf06b98e6cf5dd308e2d53acfc77a373dffb401706e397d

  • SSDEEP

    196608:Y+Q/XL8rMJqxd9aammTdhs5vARNEdwjRRj1iwXx1oW:Y+Q/b8rMJ2dMammJhs+EMRJiwXxP

Malware Config

Targets

    • Suspicious use of NtCreateUserProcessOtherParentProcess

      A process was created with an explicitly supplied parent other than the caller, a pattern used for parent-process (PPID) spoofing.

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • XMRig Miner payload

    • Stops running service(s)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Deletes itself

    • Executes dropped EXE

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

      Rewriting another thread's context redirects its execution; this is common in process hollowing and other injection techniques.
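
The two sandbox-evasion signatures above (VirtualBox detection via ACPI registry keys, and BIOS information read from the registry) both come down to string matching on a handful of well-known HKLM\HARDWARE values. The following is an added example, not code from the report or from the sample: it runs the same indicator check over a registry dump in `reg query` output style so an analyst can see which values give a VirtualBox guest away and confirm whether their own sandbox would trip the check. The dump text is constructed for this example; the key paths (HARDWARE\DESCRIPTION\System\BIOS, HARDWARE\ACPI\DSDT) and the marker strings (`VBOX`, `VirtualBox`, `innotek`) are the usual ones and are assumptions here, not something the report states the sample looks for.

```python
"""Flag VirtualBox indicators in a Windows registry dump (added example).

Parses text in the style of `reg query` output and reports BIOS values and
ACPI table OEM IDs that name VirtualBox. Key paths and marker strings are
assumptions based on common anti-VM checks, not taken from the report.
"""
import re
from typing import List, Tuple

# Substrings that commonly identify a VirtualBox guest (assumed marker list).
VM_MARKERS = ("vbox", "virtualbox", "innotek")

# Registry locations the check covers (assumed, standard anti-VM targets).
BIOS_KEY = r"HARDWARE\DESCRIPTION\System\BIOS"
ACPI_TABLE_RE = re.compile(r"HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\([^\\\s]+)", re.IGNORECASE)
# `reg query` value lines look like: "    Name    REG_SZ    data"
VALUE_LINE_RE = re.compile(r"^\s+(\S+)\s+(REG_[A-Z_]+)\s+(.*)$")

# Constructed sample dump of a VirtualBox guest (values made up for this example).
SAMPLE_REG_DUMP = r"""
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS
    BIOSVendor    REG_SZ    innotek GmbH
    BIOSVersion    REG_SZ    VirtualBox
    SystemManufacturer    REG_SZ    innotek GmbH
    SystemProductName    REG_SZ    VirtualBox

HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__\VBOXBIOS
"""

# Constructed sample dump of physical hardware (values made up for this example).
CLEAN_REG_DUMP = r"""
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS
    BIOSVendor    REG_SZ    Dell Inc.
    SystemManufacturer    REG_SZ    Dell Inc.
    SystemProductName    REG_SZ    Latitude 7420

HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\DELL__
"""


def _has_marker(text: str) -> bool:
    lowered = text.lower()
    return any(marker in lowered for marker in VM_MARKERS)


def find_vm_indicators(dump: str) -> List[Tuple[str, str, str]]:
    """Return (location, name, matched_data) for every VirtualBox indicator.

    BIOS findings report the value name and its data; ACPI findings report the
    OEM ID subkey once per table, even if deeper subkeys repeat it.
    """
    findings: List[Tuple[str, str, str]] = []
    seen_acpi = set()
    current_key = None

    for raw in dump.splitlines():
        line = raw.rstrip()
        if not line:
            continue

        # Key header lines start with the hive name; they switch the current key.
        if line.upper().startswith("HKEY_"):
            current_key = line.strip()
            match = ACPI_TABLE_RE.search(current_key)
            if match:
                table, oem_id = match.group(1).upper(), match.group(2)
                if _has_marker(oem_id) and (table, oem_id) not in seen_acpi:
                    seen_acpi.add((table, oem_id))
                    findings.append((f"HARDWARE\\ACPI\\{table}", oem_id, oem_id))
            continue

        # Value lines only matter under the BIOS key.
        match = VALUE_LINE_RE.match(line)
        if match and current_key and current_key.upper().endswith(BIOS_KEY.upper()):
            name, _reg_type, data = match.groups()
            if _has_marker(data):
                findings.append((BIOS_KEY, name, data.strip()))

    return findings


def is_virtualbox(dump: str) -> bool:
    """True if any VirtualBox indicator is present in the dump."""
    return bool(find_vm_indicators(dump))


if __name__ == "__main__":
    for label, dump in (("vbox guest", SAMPLE_REG_DUMP), ("physical", CLEAN_REG_DUMP)):
        hits = find_vm_indicators(dump)
        print(f"{label}: virtualbox={is_virtualbox(dump)} ({len(hits)} indicators)")
        for location, name, data in hits:
            print(f"  {location} :: {name} = {data}")
```

On a live Windows host the same dump is produced with `reg query "HKLM\HARDWARE\DESCRIPTION\System\BIOS"` and `reg query "HKLM\HARDWARE\ACPI\DSDT" /s`; if the script reports indicators against a sandbox, the sample's anti-VM branch will most likely fire there and the dynamic run will not show the miner behaviour.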

MITRE ATT&CK Enterprise v15

Tasks