Overview

overview

10

Static

static

10

10214426b5...18.exe

windows7-x64

10

10214426b5...18.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    10214426b5f78533b05e135f6cbcf96e_JaffaCakes118

  • Size

    1.5MB

  • Sample

    240503-ks2glabb4w

  • MD5

    10214426b5f78533b05e135f6cbcf96e

  • SHA1

    f57d504f8fa8c0e8ace8b1e693d52e4d530eca00

  • SHA256

    997306dc9459058b4fbaaf469a3668ba545d6b4f5610d2284a219193e38c1433

  • SHA512

    008b6609b988215bee835159615aaed7d136301dedf2b05ea7ac482806b3db605642aba1c2a2688c8620c18f273ee9dcdc5eb52bb578f4adcb29b839996c89f9

  • SSDEEP

    24576:zv3/fTLF671TilQFG4P5PMkibTJH+2Q/ynKeWYKpGncHBN/VxjzSRLgx893+Gk:Lz071uv4BPMkibTIA5CJKGL

Score
10/10
xmrigexecutionminerupx

Malware Config

Targets

    • Target

      10214426b5f78533b05e135f6cbcf96e_JaffaCakes118

    • Size

      1.5MB

    • MD5

      10214426b5f78533b05e135f6cbcf96e

    • SHA1

      f57d504f8fa8c0e8ace8b1e693d52e4d530eca00

    • SHA256

      997306dc9459058b4fbaaf469a3668ba545d6b4f5610d2284a219193e38c1433

    • SHA512

      008b6609b988215bee835159615aaed7d136301dedf2b05ea7ac482806b3db605642aba1c2a2688c8620c18f273ee9dcdc5eb52bb578f4adcb29b839996c89f9

    • SSDEEP

      24576:zv3/fTLF671TilQFG4P5PMkibTJH+2Q/ynKeWYKpGncHBN/VxjzSRLgx893+Gk:Lz071uv4BPMkibTIA5CJKGL

    Score
    10/10
    xmrigexecutionminerupx

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner payload

      miner

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

      execution

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks