General

  • Target

    New Text Document mod.exse.zip

  • Size

    3KB

  • Sample

    231220-rw14kafcc2

  • MD5

    9a844d7c46080976329f01bfe0678d18

  • SHA1

    7a792324a579c2174a9eeab9be9499026c0ae88e

  • SHA256

    910503e84802a7ecca28a47e128d93b45fc29cae30ba38e5e5eca141c65dedf8

  • SHA512

    e83d4f318970da31224a28b5469fb6181c0197db13bbe06a89f5264a81c9cd02a4a8e93e07e8aa9411eb8a15173a2db05cde35d57c022ad6793e2b939ab4dd76

Malware Config

Targets

    • Target

      New Text Document mod.exse

    • Size

      8KB

    • MD5

      69994ff2f00eeca9335ccd502198e05b

    • SHA1

      b13a15a5bea65b711b835ce8eccd2a699a99cead

    • SHA256

      2e2e035ece4accdee838ecaacdc263fa526939597954d18d1320d73c8bf810c2

    • SHA512

      ced53147894ed2dfc980bcb50767d9734ba8021f85842a53bb4bb4c502d51b4e9884f5f74c4dd2b70b53cafbe2441376675f7bd0f19bb20a3becb091a34fb9f3

    • SSDEEP

      96:y7ov9wc1dN1Unh3EHJ40CUJCrQt0LpCBIW12nEtgpH9GIkQYQoBNw9fnmK5iLjTv:yZyTFJfCB20LsBIW12n/eIkQ2BNg5S1

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Downloads MZ/PE file

    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the UPX or modified UPX open-source packer.

    • Uses the VBS compiler for execution

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

MITRE ATT&CK Enterprise v15

Tasks