General

  • Target

    0049147ea9abb61beeae3f5cc878917bf5c81effc49dc8b7bc735dfa6962e74b.bin

  • Size

    38KB

  • Sample

    240517-vm5beahg6t

  • MD5

    c6830ee407c432e371d7739589b3e5e2

  • SHA1

    b63c5a1924a82a3c50c8ec4200ece8de881913e1

  • SHA256

    0049147ea9abb61beeae3f5cc878917bf5c81effc49dc8b7bc735dfa6962e74b

  • SHA512

    b293278bbd7e6adef00012a5c8ebd2113952b1763ce834bef1c07421f303f52c9f0649a4316b90e99c474a006522ce81907eee19caf61bcb2ef951d5943701a6

  • SSDEEP

    768:C5rbpuQ5C8dkDMy/l/yVeWq+q5nAcYRDoZsbcnAlLy2C:C5HpuQ5C8dO3/tdWqsp4sQnAVy2C

Malware Config

Targets

    • Target

      66944b456b33438cbf93d112d973112903f57dc16bf4c069e968562fa8f01b54.exe

    • Size

      104KB

    • MD5

      9a24a00438a4d06d64fe4820061a1b45

    • SHA1

      6e59989652dff276a6dfa0f287b6c468a2f04842

    • SHA256

      66944b456b33438cbf93d112d973112903f57dc16bf4c069e968562fa8f01b54

    • SHA512

      80e97c8c389554ba0512b7f496dd03e82f2a627568eca631a6393033d540a70779fc7eae2485d1b9ca3657beb8ae9a86fd08ecd5dba678407bf8e63bef9a4629

    • SSDEEP

      1536:KlULHCIFmav82fkJMTZ0imzS6ussgExLXCxnbKG:wUDeO9TZH6SngYsbKG

    • Modifies security service

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Windows security bypass

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • XMRig Miner payload

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks