General
Target: qrehadfoimfm_mal.exe
Size: 5.4MB
Sample: 240423-vzabssac38
MD5: 5cafa46103ed17c0ba864f5d7c5c1cdd
SHA1: ab1a1ce8553774c82f0b2de57500baef74d223c5
SHA256: 4ac45e3ec2140badf92ca9034666474504cad8615efc90fbd406360a71be6723
SHA512: 5239b03c325ff9c825600f5c85d6bde492be95ef564a6e343441371af7ddbc871d9ebb401b3327b3be15ad8cb1d336f8fe3c4f954b3afb37443d24a0797a3930
SSDEEP: 98304:5LRQhMkUoS3e9PRkWi1p2bw+tEBV4XbtDLAFCLecWIAZS2HdhmC7KODkk6Qow:JS2bBkpkL2bw+tEBVMDLAFCChInihn+g
Static task: static1
Behavioral task: behavioral1
  Sample: qrehadfoimfm_mal.exe
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: qrehadfoimfm_mal.exe
  Resource: win10v2004-20240412-en
Malware Config
Targets
Target: qrehadfoimfm_mal.exe
Score: 10/10
- XMRig Miner payload
- Creates new service(s)
- Stops running service(s)
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext