General
-
Target
1.Install_Loader.zip
-
Size
8.9MB
-
Sample
240419-axr4lsbd55
-
MD5
c609dc9f120055153461ec252dcbedd9
-
SHA1
a0c2319516e4318785d393a352d2dcc36b7b44ea
-
SHA256
d8cd09a657f75577156236c84ba49c04faa8280b7f13a5394a7ad691312ced6b
-
SHA512
e633ca51a31b8fd2ed2637ab7eac39581d125ef4f2546219b392352313acc8ba0d5cb27db7c6c08660aa4fb71d7a1a68344434d6793612bc2ad7e24c75f8a9bc
-
SSDEEP
196608:57WXyTx0zH+2FcAhXwLmGZR+g3QzuIh2pBNG30k5ybKYAmMeJWODBp:57WXax0Lc2aZkth2p3i0kcMEpp
Malware Config
Targets
-
-
Target
1.Install_Loader.exe
-
Size
10.2MB
-
MD5
7c9494727f40e6afc4c8b1b5867c7e41
-
SHA1
87a4075936832f3fea4d23a5c0610b6de7b4e5cf
-
SHA256
0f06e67411fc5f473f5d7d707e9e6c15c89400e0729c14382bc803ae32895b9d
-
SHA512
0f73b144f374f1c1e7be851df3b1fe7f3d48fefc2f323b3e08c23183e3fbdbb43a652320d39bb8c2bd32e2715c200a8c7cfd18bae451689f2be3f5b7c1b71c6e
-
SSDEEP
196608:C8aJhSRE1uYcTS7pq83f9eX1JVqjbhKphKr44A4001/xu5cJIL:CbcYg0VPwX4jbtrT900Du8IL
Score10/10-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
XMRig Miner payload
-
Creates new service(s)
-
Stops running service(s)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-