General

  • Target

    a70282c0ab0e94d94882210ce719f9c0

  • Size

    53KB

  • Sample

    231222-qv1wqscdg4

  • MD5

    a70282c0ab0e94d94882210ce719f9c0

  • SHA1

    e6e0be764caffae6575955d8c35c6b4c51c9ae65

  • SHA256

    bc9b9d312d9fae95dc715cbc2dd064e95c5764aa8ed09c4ab0d747ac04e1a2f8

  • SHA512

    279cc4c50da7c6ed9c1ab41a254113f96eceeb0d1c8b27ad6e5616ef9cf6366e4523e91037c954c1330bf7f95ab8cd2073340364947579863595de66b51b23de

  • SSDEEP

    1536:1CGZqE0nG2Mg3mCMi0UV8hAiWF7sJlm58G:1CXMg3mziBqKjQOP

Score
10/10

Malware Config

Targets

    • Target

      a70282c0ab0e94d94882210ce719f9c0

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext
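
A detection pass over the behaviours listed above, as an added example that is not part of the report, of XMRig, or of the sample itself. It runs three rules over constructed Sysmon-style events (process create and registry value set) plus a constructed "registry_query" event standing in for the country-code lookup, which Sysmon does not log by itself. The registry key used for the country code (HKCU\Control Panel\International) and every path, hostname and command line in the sample events are assumptions made for the example; the XMRig switches and the stratum URL scheme are the miner's real ones.

```python
"""
Added example: flag Run-key persistence, an XMRig-like miner command line
and a country-code registry lookup in constructed endpoint telemetry.
Not code from the sandbox report or from the XMRig project.
"""
import re

# Sysmon event IDs used: 1 = process create, 13 = registry value set.
# "registry_query" is a constructed event type for value reads, which
# Sysmon does not record; an EDR that logs reads would feed the same rule.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\",
    re.IGNORECASE,
)
# Real XMRig switches (-o/--url, -u, --algo, --coin, --donate-level) and the
# stratum URL scheme it uses to reach a pool.
XMRIG_FLAG_RE = re.compile(
    r"(?i)(stratum\+(tcp|ssl)://|--donate-level|--coin[= ]|--url[= ]|"
    r"--algo[= ]|(?:^|\s)-o\s+\S+|(?:^|\s)-u\s+\S+)"
)
# Assumption: the geofence reads locale values (iCountry/sCountry) here.
INTL_KEY_RE = re.compile(r"\\Control Panel\\International\\", re.IGNORECASE)


def rule_run_key(ev):
    """Registry value set under a Run/RunOnce key: persistence."""
    if ev.get("event_id") == 13 and RUN_KEY_RE.search(ev.get("target", "")):
        return f"Run key persistence: {ev['target']} = {ev.get('details', '')}"
    return None


def rule_xmrig_cmdline(ev):
    """Process create whose command line carries two or more miner indicators.
    A single '-u' is too common (curl, ssh) to flag on its own."""
    if ev.get("event_id") != 1:
        return None
    hits = [m.group(0).strip() for m in XMRIG_FLAG_RE.finditer(ev.get("command_line", ""))]
    if len(hits) >= 2:
        return f"XMRig-like command line: {hits}"
    return None


def rule_country_lookup(ev):
    """Read of the configured country/locale: likely geofence check."""
    if ev.get("type") == "registry_query" and INTL_KEY_RE.search(ev.get("target", "")):
        return f"Country code lookup: {ev['target']}"
    return None


RULES = (rule_run_key, rule_xmrig_cmdline, rule_country_lookup)


def scan(events):
    """Return (rule name, image, message) for every rule that fires."""
    findings = []
    for ev in events:
        for rule in RULES:
            msg = rule(ev)
            if msg:
                findings.append((rule.__name__, ev.get("image", "?"), msg))
    return findings


# Constructed telemetry; paths, pool host and wallet prefix are made up.
SAMPLE_EVENTS = [
    {"event_id": 1, "image": r"C:\Windows\explorer.exe", "command_line": "explorer.exe"},
    {"type": "registry_query", "image": r"C:\Users\victim\AppData\Local\Temp\sample.exe",
     "target": r"HKCU\Control Panel\International\iCountry"},
    {"event_id": 13, "image": r"C:\Users\victim\AppData\Local\Temp\sample.exe",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "details": r"C:\Users\victim\AppData\Roaming\svc\svc.exe"},
    {"event_id": 1, "image": r"C:\Users\victim\AppData\Roaming\svc\svc.exe",
     "command_line": "svc.exe -o stratum+tcp://pool.example.invalid:3333 "
                     "-u 4ABCD... -p x --donate-level=1"},
    {"event_id": 13, "image": r"C:\Windows\regedit.exe",
     "target": r"HKCU\Software\Example\Theme", "details": "dark"},
    {"event_id": 1, "image": r"C:\tools\curl.exe",
     "command_line": "curl.exe -u user:pass https://example.invalid/"},
]

if __name__ == "__main__":
    for name, image, msg in scan(SAMPLE_EVENTS):
        print(f"[{name}] {image}: {msg}")
```

The Run-key and country-code rules are exact-path matches and need no threshold; the command-line rule requires two indicators because several of the miner's switches are shared with everyday tools. The "Executes dropped EXE" and "Loads dropped DLL" behaviours would be covered by correlating the image path of event 1 with an earlier file-create event (Sysmon ID 11), which this example does not model.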

MITRE ATT&CK Enterprise v15

Tasks