General

  • Target

    rbxidle-installer.exe

  • Size

    14KB

  • Sample

    240214-h3kkqade53

  • MD5

    59a7b0391dbf371deb27824aebf9677b

  • SHA1

    f6b6376b8643cb60ac3cfd46a6a31f9d2604acbf

  • SHA256

    357de1cb52f6de3e6eeed296f701a6c607d71f30c9f066bb0d5086f1deaccc68

  • SHA512

    fbd8c8e84562f61313a1fa188ac824619554d1d8204ca2271a89ce3d1ad32bd1ec931946e3af404374c90b6e126baee629f1932f61c6b0818da4106310790393

  • SSDEEP

    192:PNx5Ssv99qXoqTJkNr423wqh0x03kEi43OudooF+vtlyyN:5Ssl9qYoJkN0pBi0tmOiooF+jN
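
To confirm that a locally obtained copy is the same file this report describes, compare its digests with the four listed above. The script below is an added example and is not part of the sandbox report; it hard-codes the report's MD5/SHA1/SHA256/SHA512 values and takes the sample path from the command line (the default file name is a placeholder). The SSDEEP hash is left out because fuzzy-hash comparison needs the separate ssdeep library.

```python
"""Verify a local sample against the digests listed in the report.

Added example, not part of the original sandbox report. REPORT_DIGESTS are
copied from the report; the sample path is a placeholder argument.
"""
import hashlib
import sys

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Digests of rbxidle-installer.exe exactly as listed in the report.
REPORT_DIGESTS = {
    "md5": "59a7b0391dbf371deb27824aebf9677b",
    "sha1": "f6b6376b8643cb60ac3cfd46a6a31f9d2604acbf",
    "sha256": "357de1cb52f6de3e6eeed296f701a6c607d71f30c9f066bb0d5086f1deaccc68",
    "sha512": "fbd8c8e84562f61313a1fa188ac824619554d1d8204ca2271a89ce3d1ad32bd1"
              "ec931946e3af404374c90b6e126baee629f1932f61c6b0818da4106310790393",
}


def compute_digests(data: bytes) -> dict:
    """Return lowercase hex MD5/SHA1/SHA256/SHA512 of an in-memory byte string."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def digest_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream a file through all four hashes so a large sample never has to fit in memory."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def mismatches(actual: dict, expected: dict = REPORT_DIGESTS) -> list:
    """Return the sorted list of algorithms whose digest differs from the report.

    An empty list means every listed digest matched. Comparison is
    case-insensitive because tools and reports disagree on hex case.
    """
    return sorted(
        name for name, want in expected.items()
        if actual.get(name, "").lower() != want.lower()
    )


def main(argv):
    path = argv[1] if len(argv) > 1 else "rbxidle-installer.exe"  # placeholder path
    bad = mismatches(digest_file(path))
    if bad:
        print(f"{path}: does NOT match the report ({', '.join(bad)} differ)")
        return 1
    print(f"{path}: all four digests match the report")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

A non-empty result from `mismatches` on a file you believed to be this sample usually means you have a different build, a repacked copy, or a truncated download; check the 14KB size first, since a size mismatch is the cheapest explanation.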

Targets

    • Target

      rbxidle-installer.exe

    • XMRig Miner payload

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • Downloads MZ/PE file

    • Checks computer location settings

      Reads the country code configured in the registry, most likely to geofence execution by region.

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • Checks installed software on the system

      Enumerates Uninstall key entries in the registry to list the software installed on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory
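
The "Registers COM server for autorun" signature is the one worth hunting for on hosts where this installer may have run. The script below is an added example and not the sandbox's own signature logic; it assumes the behaviour takes its usual form, a CLSID written under HKCU\Software\Classes\CLSID whose InprocServer32 or LocalServer32 default value names a DLL or EXE outside C:\Windows and the Program Files directories. On Windows it reads the live registry through winreg; elsewhere it runs against constructed sample entries whose CLSIDs and paths are placeholders, not artifacts taken from this report.

```python
"""Hunt for per-user COM server registrations that point at user-writable paths.

Added example, not part of the original report. Assumes the autorun takes the
form of HKCU\Software\Classes\CLSID\{clsid}\(InprocServer32|LocalServer32).
"""
import re
import sys

SERVER_SUBKEYS = ("InprocServer32", "LocalServer32")

# Where a legitimate machine-wide COM server normally lives (lowercase, trailing slash).
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
# Subtrees under C:\Windows that ordinary users can write to, so they are not trusted.
WRITABLE_EXCEPTIONS = ("c:\\windows\\temp\\", "c:\\windows\\tasks\\")

# Environment variables commonly used in server paths, resolved to their defaults.
ENV_MAP = {
    "%systemroot%": "c:\\windows",
    "%windir%": "c:\\windows",
    "%programfiles%": "c:\\program files",
    "%programfiles(x86)%": "c:\\program files (x86)",
}

# Grabs the executable path whether or not it is quoted or followed by arguments.
_PATH_RE = re.compile(r'^\s*"?(.*?\.(?:dll|exe|ocx|cpl))', re.IGNORECASE)


def normalize_server_path(value: str) -> str:
    """Reduce a raw server value to a lowercase path with known env vars expanded."""
    m = _PATH_RE.match(value)
    path = (m.group(1) if m else value.strip().strip('"')).lower()
    for var, real in ENV_MAP.items():
        path = path.replace(var, real)
    return path


def is_untrusted(path: str) -> bool:
    """True when the path lies outside the trusted prefixes or inside a writable exception."""
    if path.startswith(WRITABLE_EXCEPTIONS):
        return True
    return not path.startswith(TRUSTED_PREFIXES)


def classify_com_servers(entries):
    """Filter (clsid, subkey, raw_value) tuples down to the ones pointing at untrusted paths."""
    findings = []
    for clsid, subkey, value in entries:
        path = normalize_server_path(value)
        if is_untrusted(path):
            findings.append((clsid, subkey, path))
    return findings


def collect_hkcu_com_servers():
    """Read every HKCU\\Software\\Classes\\CLSID\\*\\{Inproc,Local}Server32 default value (Windows only)."""
    import winreg  # imported here so the module still loads on non-Windows hosts
    entries = []
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, "Software\\Classes\\CLSID") as clsid_key:
        index = 0
        while True:
            try:
                clsid = winreg.EnumKey(clsid_key, index)
            except OSError:
                break  # no more subkeys
            index += 1
            for sub in SERVER_SUBKEYS:
                try:
                    with winreg.OpenKey(clsid_key, f"{clsid}\\{sub}") as server_key:
                        value, _ = winreg.QueryValueEx(server_key, "")  # "" = default value
                        entries.append((clsid, sub, str(value)))
                except OSError:
                    continue  # this CLSID has no such server subkey
    return entries


# Constructed sample entries for offline demonstration; placeholders, not report artifacts.
SAMPLE_ENTRIES = [
    ("{11111111-1111-1111-1111-111111111111}", "InprocServer32",
     "%SystemRoot%\\system32\\example.dll"),
    ("{22222222-2222-2222-2222-222222222222}", "InprocServer32",
     "C:\\Users\\victim\\AppData\\Roaming\\dropped\\helper.dll"),
    ("{33333333-3333-3333-3333-333333333333}", "LocalServer32",
     '"C:\\Users\\victim\\AppData\\Local\\Temp\\updater.exe" /run'),
]


def main():
    entries = collect_hkcu_com_servers() if sys.platform == "win32" else SAMPLE_ENTRIES
    findings = classify_com_servers(entries)
    for clsid, subkey, path in findings:
        print(f"{clsid}\\{subkey} -> {path}")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main())
```

A hit is a lead, not a verdict: some legitimate per-user software registers COM servers under AppData, so confirm each finding by checking the file's signature and hash and by looking for the same CLSID in HKLM, where a hijack of a machine-wide class shows up as a per-user override.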
