General
Target
240326-3c4wwshf6z_pw_infected.zip
Size
981KB
MD5
c59b8a2fcb3b0ac5f3cf3a0132b17ca1
SHA1
f3e13cfbd4c94561d71b1fd486eccec55e3aa8f9
SHA256
703cf82138a2ff68bd8ebced0ba92640ad1ed9f14fdd471f99dc347cd4742660
SHA512
f92cd2119179afc5262bd427709d6ac9e410ce35f799c127555158135abcb30c0ff0b802f1452c67337a5d2da90db1f27b71017c3ddc53a9acef952986103dd8
SSDEEP
24576:ZASlD8HQI2PTl8XN+XYJesYm4j7Cfn6bJoOBKPOuYi3I:Z9BPI2R8XN+osC4j7knZPNZ3I
Malware Config
Signatures
XMRig Miner payload 1 IoCs
resource yara_rule static1/unpack001/a86060d60ff41b92fc6bf641ef1b6312f69cb552e5e3f7a342d3ffef45b298f8 xmrig
Xmrig family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/a86060d60ff41b92fc6bf641ef1b6312f69cb552e5e3f7a342d3ffef45b298f8
Files
240326-3c4wwshf6z_pw_infected.zip.zip
Password: infected
a86060d60ff41b92fc6bf641ef1b6312f69cb552e5e3f7a342d3ffef45b298f8.exe windows:6 windows x64 arch:x64
Password: infected
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
.text Size: 619KB - Virtual size: 619KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 96KB - Virtual size: 96KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_TEXT_CN Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
_TEXT_CN Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ