General

  • Target

    a5d024a0be4a491e5004b9c4c1343fc172e210cc1bf78641d512c6fd9ec41f62.exe

  • Size

    124KB

  • Sample

    240507-byzeracd8y

  • MD5

    21d6b63327f1f57348899d5992d43102

  • SHA1

    c1f72ac6dedd7817c094c41df3d9dd505675d93d

  • SHA256

    a5d024a0be4a491e5004b9c4c1343fc172e210cc1bf78641d512c6fd9ec41f62

  • SHA512

    0af75df0a6dfe44b33b03f4dc716c48db3a479f438fe0a9332b82cc832ffdb2d56254b073bfb67feed8c0f5516ede72a93f1de70e62c8ae9e9e9fd09f600d1cf

  • SSDEEP

    1536:IFaM5mTEVEQnqrZM5V3J6fgNWbMb+KR0Nc8QsJq3:iaMqEVEUWZulJGgNAe0Nc8QsC

Malware Config

  • Extracted

    Family: metasploit
    Version: windows/reverse_tcp
    C2: 86.104.74.31:9981

  • Extracted

    Family: metasploit
    Version: windows/reverse_winhttp
    C2:
      https://86.104.74.31:2526/fd3zz0jliLkQrhGvdpeVpgk3G__x63mWh1gI58R0JEHOZwCxT5ADz_cyqt144D8WxjMAXj9F
      https://86.104.74.31:2526/2aG3s4BznEOv9K71yc0q_whJz7KSR0Komc11phDYyHAY4wSUj8VDKyDhXsEoYruZ__ETm7oRdSJL70mbAAEeUC4ro-qD0923WcnAgSKqHnnC9DI8EPIpBtptckd1TuHmekMEteXfbOd-7Gt49Bc9EVbWS2Shhc5U28c3m-3MY6lAR

Targets

    • Target

      a5d024a0be4a491e5004b9c4c1343fc172e210cc1bf78641d512c6fd9ec41f62.exe

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • XMRig Miner payload

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
