General
-
Target
4f1c5c4fe87d7e64466afd1850aeb0c2
-
Size
4.1MB
-
Sample
240110-axcnxsaebm
-
MD5
4f1c5c4fe87d7e64466afd1850aeb0c2
-
SHA1
9256f3a6c36a7dc265555795d6a4f28e97b1aeb3
-
SHA256
44873eb5eb2117feff648571cce3503b21522beadafc2c7b64d8af9caca5a8dc
-
SHA512
2356aa91ea1e372de57fec2f3f28902c2c5bddabdb638ffd1bc582eba9cd2f683a7724691de4b2fb55dbfa0cdda66bea1bba981f7984fc3667476055d88155b4
-
SSDEEP
98304:3ftEAoiH6sp7l5qZiTs0nrwbB9oaNLcGlk+hHOfMVzdQqII:3JqCsxbB9oMLcB+hTxdj
Static task
static1
Behavioral task
behavioral1
Sample
4f1c5c4fe87d7e64466afd1850aeb0c2.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
4f1c5c4fe87d7e64466afd1850aeb0c2.exe
Resource
win10v2004-20231215-en
Malware Config
Targets
-
-
Target
4f1c5c4fe87d7e64466afd1850aeb0c2
-
Score
10/10
-
Modifies security service
-
XMRig Miner payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (2)
    Windows Service (2)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (2)
    Windows Service (2)