Overview

overview

10

Static

static

10

6b50e5db90...3f.exe

windows7-x64

10

6b50e5db90...3f.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

  • Target

    6b50e5db9009a9368141002db51386465532096c8bd20c1bc731f2ebae34f63f

  • Size

    1.5MB

  • Sample

    240428-151c3aag9s

  • MD5

    49b8d2f1be713a5157a5efe4a0047f21

  • SHA1

    f3923c1de7ee59a98ea2286de31788c3fb29279a

  • SHA256

    6b50e5db9009a9368141002db51386465532096c8bd20c1bc731f2ebae34f63f

  • SHA512

    85724613f1013021641a13d755790024c943d2629b1d81d26cd2dd2ee067fd2cfcde2e77733fff0b39d741c2423fe5221f17a865ca9218a547c552526e1bb087

  • SSDEEP

    24576:zv3/fTLF671TilQFG4P5PMkUCCWvLEvjhnXwx8/2Pbx/mbjba0DF4bw7Or6uji:Lz071uv4BPMkHC0IlnASEx/wfU6r

Score
10/10
xmrigminerupx

Malware Config

Targets

    • Target

      6b50e5db9009a9368141002db51386465532096c8bd20c1bc731f2ebae34f63f

    • Size

      1.5MB

    • MD5

      49b8d2f1be713a5157a5efe4a0047f21

    • SHA1

      f3923c1de7ee59a98ea2286de31788c3fb29279a

    • SHA256

      6b50e5db9009a9368141002db51386465532096c8bd20c1bc731f2ebae34f63f

    • SHA512

      85724613f1013021641a13d755790024c943d2629b1d81d26cd2dd2ee067fd2cfcde2e77733fff0b39d741c2423fe5221f17a865ca9218a547c552526e1bb087

    • SSDEEP

      24576:zv3/fTLF671TilQFG4P5PMkUCCWvLEvjhnXwx8/2Pbx/mbjba0DF4bw7Or6uji:Lz071uv4BPMkHC0IlnASEx/wfU6r

    Score
    10/10
    xmrigminerupx

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Detects executables containing URLs to raw contents of a Github gist

    • UPX dump on OEP (original entry point)

    • XMRig Miner payload

      miner

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks