General

  • Target

    W1nnerFree CS2.rar

  • Size

    21.4MB

  • Sample

    240220-bflqyaha56

  • MD5

    efe29a984bfbe0eff51782cae6739bd8

  • SHA1

    389cbc819c918bfdc8ce46ea7e481135d89b978e

  • SHA256

    69bef682277aa8ed7ffdb645a8e41d1f1d279380cc799256132d0cac50582890

  • SHA512

    8cf017334cdc4ab58487c853ca150f36b51782d34e9fb3b231bd8271f36989ebdbab8166e0ced77b71c0e4e7d4e24f232cebb1ab9998deb64a2872d23f2a7d50

  • SSDEEP

    393216:rX27C+BNIEGAspjZaLn/riPP/ZxgVQBYUd56UE6tZfbiNo2BLWEwfP1a:rXe3IEGDq/QP7gE962DmzLWJfta

Malware Config

Targets

    • Target

      W1nnerFree CS2.exe

    • Size

      21.4MB

    • MD5

      7494cccce30350832ac77113f3cf28d8

    • SHA1

      ffba86775e5dc0a12957249e5f2d1c48bb1c58f0

    • SHA256

      0fa48a6368effe6c9373dd34f9f26bf7f0a2050aab330cefc5acc6de5030ecb6

    • SHA512

      94550c34c2887ca3227bfc559eeb2806bdd189b31bd866facbc5ed22ff2f6dc89684b268aa22a36c1b6a062deb2db6545d4e1b021a572f85fc9fcf7f65d059e7

    • SSDEEP

      393216:KYd9oOoUptPemm5HCizqg+o1sg1t6u14FBmqXiW2wcpIZSFH+fbYdUvCAhZ:pdnh/Ge41L1th15qIT41fsdU6m

    • LoaderBot

      LoaderBot is a loader written in .NET that downloads and executes miners.

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • LoaderBot executable

    • XMRig Miner payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX.

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Target

      $1/1337/ExLoader_Installer.exe

    • Size

      19.8MB

    • MD5

      afcb0e5c7c35c05970a74a1aab5fe12e

    • SHA1

      42eacb7a9594ee0a6242d3bc3c33b6c60b3fc319

    • SHA256

      f1e92828ebf9e2443f36c03a5a66a4fba4bd8744ecf5bbf59fc69c84d7a95d18

    • SHA512

      fe62d4b1ec93a21a7b1f80e5f42b17c0c43d794b99e7e87fb6fea86d82ac080d76dcf9a3e96516303ccaf88b8101523a23f5b7f560bd3f4bb2745ac1f71b4dfb

    • SSDEEP

      393216:QuTOvTuAnHmMgEMSb6qLdTcmtgt+BDMncawXAKaVnayxZtFDtq:dUTPGMzpbpT8+BInf46VnvHrJq

    • Score

      7/10

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      $1/1337/MinerMega.exe

    • Size

      4.0MB

    • MD5

      d1f8ccf271359d1d1840075b3065cdaa

    • SHA1

      5b316201fb5d9705e20398ded7d0441962e2b183

    • SHA256

      5817eb190e2adfb6b1a8488df5e83cda619969a4ea5cccca282a348ef35d09ad

    • SHA512

      5fb53f967b940f76b9c98d09773bea69c6ccbfd2469b9eb64868042f2ee56860d8a000b469ce941a2241adbe261ace43273c9a6cef9821ff6eabeb8f63b81e07

    • SSDEEP

      49152:ENDFFPJu8fBsVE6ij+RNg+UKpBvtqB3m1RC3:SzP88fBsnZTgOtqB3m1RC3

    • LoaderBot

      LoaderBot is a loader written in .NET that downloads and executes miners.

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • LoaderBot executable

    • XMRig Miner payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      2ae993a2ffec0c137eb51c8832691bcb

    • SHA1

      98e0b37b7c14890f8a599f35678af5e9435906e1

    • SHA256

      681382f3134de5c6272a49dd13651c8c201b89c247b471191496e7335702fa59

    • SHA512

      2501371eb09c01746119305ba080f3b8c41e64535ff09cee4f51322530366d0bd5322ea5290a466356598027e6cda8ab360caef62dcaf560d630742e2dd9bcd9

    • SSDEEP

      192:vPtkumJX7zB22kGwfy0mtVgkCPOsE1un:k702k5qpdsEQn

    • Score

      3/10

MITRE ATT&CK Enterprise v15

Tasks