Extracted

• • Target

    2eb2782cc346b73b7180e3e9a220041c

  • Size

    9.3MB

  • MD5

    2eb2782cc346b73b7180e3e9a220041c

  • SHA1

    b5d7dbb4f29e2567f9e4d67a9d64d7034ff5a968

  • SHA256

    3220df74888873a8f81e0bde3f4743c25f908bf0c97b768863b67d8d78867425

  • SHA512

    5124335f1362a836dd6f539052f705e64d080fc640abaf489c2407b819de9e79740ca0d5cc8a32310acecdd5e6a6076d83cb4cb7d013fc82b49b060c2b67dec9

  • SSDEEP

    196608:DzB+082zIZNrOYyPugEl4ZXni32eZ3WU5QR6kj09F1lThXBhc+YX7:DzB+GeN/y2jl4N+2KWVR6u0P1l3Sj

  Score

  10^/10

  44caliberxmrigevasionminerstealerdiscovery

  • 44Caliber

    An open source infostealer written in C#.

    stealer44caliber

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig

  • XMRig Miner payload

    miner

  • Stops running service(s)

    evasion

  • Executes dropped EXE

  • Modifies file permissions

    discovery

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2