Overview

overview

10

Static

static

10

1f9c20e776...18.exe

windows7-x64

10

1f9c20e776...18.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    1f9c20e7760b5a31ce6993d16e2c1120_JaffaCakes118

  • Size

    1.7MB

  • Sample

    240507-f9t2maed78

  • MD5

    1f9c20e7760b5a31ce6993d16e2c1120

  • SHA1

    4b19e0d357a2a4cd87b23b90eb4e9ce006abbdb1

  • SHA256

    85de004bc281317e35ededb46429f000cbd135733a486bd68c3a2a3d1343165d

  • SHA512

    8e30e03b05e99c834e5bcd9f064d7c06e07d3e12151da5b3e8c5dce2a459eef1e034060af3c23e829b8c211904252566992753104467bb3a4b8a93f181890986

  • SSDEEP

    49152:Lz071uv4BPMkibTIA5lCx7kvRWa4pxtU8:NABZ

Score
10/10
xmrigexecutionminerupx

Malware Config

Targets

    • Target

      1f9c20e7760b5a31ce6993d16e2c1120_JaffaCakes118

    • Size

      1.7MB

    • MD5

      1f9c20e7760b5a31ce6993d16e2c1120

    • SHA1

      4b19e0d357a2a4cd87b23b90eb4e9ce006abbdb1

    • SHA256

      85de004bc281317e35ededb46429f000cbd135733a486bd68c3a2a3d1343165d

    • SHA512

      8e30e03b05e99c834e5bcd9f064d7c06e07d3e12151da5b3e8c5dce2a459eef1e034060af3c23e829b8c211904252566992753104467bb3a4b8a93f181890986

    • SSDEEP

      49152:Lz071uv4BPMkibTIA5lCx7kvRWa4pxtU8:NABZ

    Score
    10/10
    xmrigexecutionminerupx

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner payload

      miner

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

      execution

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks