Overview

overview

10

Static

static

10

175cfc2db5...18.exe

windows7-x64

10

175cfc2db5...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    175cfc2db509885fafdd38d98ca61fb9_JaffaCakes118

  • Size

    1.7MB

  • Sample

    240505-m32w8abc64

  • MD5

    175cfc2db509885fafdd38d98ca61fb9

  • SHA1

    0c9ca4eab86f44f0a7d5ca795cd1f5b6c0dbc85a

  • SHA256

    7b6bcd721e5cddc0d74b38a76cab8224e1b2ba3b39ad7e0f382cbc5314c1f17e

  • SHA512

    5d528640af3f0b18fb48a5c0b03a724a84df399a53e36004f3769028549bf691b308eed07828c8d24856b755444d6ca146637e386d892d6e84dc951c4933143c

  • SSDEEP

    49152:Lz071uv4BPMkibTIA5lCx7kvRWa4pxtUp:NABk

Score
10/10
xmrigexecutionminerupx

Malware Config

Targets

    • Target

      175cfc2db509885fafdd38d98ca61fb9_JaffaCakes118

    • Size

      1.7MB

    • MD5

      175cfc2db509885fafdd38d98ca61fb9

    • SHA1

      0c9ca4eab86f44f0a7d5ca795cd1f5b6c0dbc85a

    • SHA256

      7b6bcd721e5cddc0d74b38a76cab8224e1b2ba3b39ad7e0f382cbc5314c1f17e

    • SHA512

      5d528640af3f0b18fb48a5c0b03a724a84df399a53e36004f3769028549bf691b308eed07828c8d24856b755444d6ca146637e386d892d6e84dc951c4933143c

    • SSDEEP

      49152:Lz071uv4BPMkibTIA5lCx7kvRWa4pxtUp:NABk

    Score
    10/10
    xmrigexecutionminerupx

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner payload

      miner

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

      execution

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks