Overview

overview

10

Static

static

10

41ec093ea4...fa.exe

windows7-x64

10

41ec093ea4...fa.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    41ec093ea45f9b839564ce35c9c4a8de9f61eafcc4e55565b67c0cf18f1793fa

  • Size

    2.9MB

  • Sample

    240410-ztj19sed9w

  • MD5

    a89d66c2e80d94adcf4501f5c4e5790f

  • SHA1

    62b6bc5ece5582e25f1bfa3c950c089766525169

  • SHA256

    41ec093ea45f9b839564ce35c9c4a8de9f61eafcc4e55565b67c0cf18f1793fa

  • SHA512

    5e8eda80d9120e248bceb284f143ced577ac243016928b3c82f255808e5277fb68dce1713cdbd5f4e22118e4151756bf30ef54b0297602e4b87a1c2da5b6aaa0

  • SSDEEP

    49152:S1G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkibTIA5Jnsoyxs:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2RD

Score
10/10
xmrigminerupx

Malware Config

Targets

    • Target

      41ec093ea45f9b839564ce35c9c4a8de9f61eafcc4e55565b67c0cf18f1793fa

    • Size

      2.9MB

    • MD5

      a89d66c2e80d94adcf4501f5c4e5790f

    • SHA1

      62b6bc5ece5582e25f1bfa3c950c089766525169

    • SHA256

      41ec093ea45f9b839564ce35c9c4a8de9f61eafcc4e55565b67c0cf18f1793fa

    • SHA512

      5e8eda80d9120e248bceb284f143ced577ac243016928b3c82f255808e5277fb68dce1713cdbd5f4e22118e4151756bf30ef54b0297602e4b87a1c2da5b6aaa0

    • SSDEEP

      49152:S1G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkibTIA5Jnsoyxs:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2RD

    Score
    10/10
    xmrigminerupx

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Detects executables containing URLs to raw contents of a Github gist

    • UPX dump on OEP (original entry point)

    • XMRig Miner payload

      miner

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks