General

  • Target

    AI WF GOOGLE.exe

  • Size

    17.9MB

  • Sample

    240302-s2q18aef41

  • MD5

    984f6bf56fae059f289bd860718bc294

  • SHA1

    160cc904fb52494211fdd10af0a76ee5bd78eb48

  • SHA256

    5dc5de381947ec24c3c3fcec600c354299ee50265c7ce66daf95a1f12d1d86f3

  • SHA512

    363a52b16b0513faf0c8d13df9cabbea03e3b73a23ed8e3203cbc33cf02205a4257824d71590ebb85af2bb5b3ba78b8df8e8fd4f75ce2b2c9b161439168265d1

  • SSDEEP

    393216:4Sxhi0OemBUiVroCClfgnK+wm9ef72IimHOQ:4SxYRC9+wD2qHOQ

Targets

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • XMRig Miner payload

    • Creates new service(s)

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
