Overview

overview

10

Static

static

10

8854ea1009...0b.exe

windows7-x64

10

8854ea1009...0b.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8854ea10094635242d20a6e5bad446d6c21d5fc904543bc6ee13fff778b1030b

  • Size

    3.4MB

  • Sample

    240325-ypvfrsbd5w

  • MD5

    1f9f7c876d1e9d393d1d21629eb1f96f

  • SHA1

    d2f725fa67a3bfd6a8f3ebadee66e6171ab2e670

  • SHA256

    8854ea10094635242d20a6e5bad446d6c21d5fc904543bc6ee13fff778b1030b

  • SHA512

    d10a3f08f94c9b309c5c3a426fcfe9bb27419154033ccaaa3b6535d8a1d46cfee5875618030a42afce6ed5449c167330b8c21457b66798a0627d88135233d9a5

  • SSDEEP

    98304:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHrWa:SbBeSFkO

Score
10/10
xmrigminerupx

Malware Config

Targets

    • Target

      8854ea10094635242d20a6e5bad446d6c21d5fc904543bc6ee13fff778b1030b

    • Size

      3.4MB

    • MD5

      1f9f7c876d1e9d393d1d21629eb1f96f

    • SHA1

      d2f725fa67a3bfd6a8f3ebadee66e6171ab2e670

    • SHA256

      8854ea10094635242d20a6e5bad446d6c21d5fc904543bc6ee13fff778b1030b

    • SHA512

      d10a3f08f94c9b309c5c3a426fcfe9bb27419154033ccaaa3b6535d8a1d46cfee5875618030a42afce6ed5449c167330b8c21457b66798a0627d88135233d9a5

    • SSDEEP

      98304:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHrWa:SbBeSFkO

    Score
    10/10
    xmrigminerupx

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Detects executables containing URLs to raw contents of a Github gist

    • UPX dump on OEP (original entry point)

    • XMRig Miner payload

      miner

    • Blocklisted process makes network request

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks