General

  • Target

    c2c8cf489c4db43cc0f19d2bd678c025

  • Size

    17.8MB

  • Sample

    231222-rs3szsche5

  • MD5

    c2c8cf489c4db43cc0f19d2bd678c025

  • SHA1

    1dfe9a9d9c561c3ed4795ab83fdd88c858fd15fe

  • SHA256

    d4d3dbb7fdfe7ef3b8ab362f8b41a5447cabd0955b9dbc0d2fc7c5e4e7c8ad4b

  • SHA512

    6a8f721326146e7ccb2108aace611077f4a3fd771e4087364d1b5b19af6c776094394ceccfabc32717e2be9f6f6debe2aa2e111f8502c3ecbae21ab0c78c907e

  • SSDEEP

    393216:x/9LM/LTiFZGZTUze2hlu5QqKzZfsHFWBD3ybnCGH3xe:x/9LMLmFZ4Tey2zZ6sCbnCS

Malware Config

Targets

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive profile data.

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks