General

  • Target

    8be208cca2bb54ebda7d7806e76b9100.exe.bin

  • Size

    5.2MB

  • Sample

    240518-ey4agsbg55

  • MD5

    8be208cca2bb54ebda7d7806e76b9100

  • SHA1

    7059a2556e93dc0549407711dfccf27d004234e3

  • SHA256

    aa6409c34e9ff65fcd3935dbc4cbd7233b1571359647f9b11ce0e70f4e042458

  • SHA512

    40f11b79984beeebbe3ad6de45d99ad57fa0f2ef54b4dbc9a3000833eedd83b8f8a8e96f03cfa8565f447c8458f8942d8cdf7bcbc2796f7807b88305bfd158bb

  • SSDEEP

    98304:xRjPz9KDzUU8O5/B/LJ25E9SVh86sS3TRknQ3ss2MApp9meypA3cPDu7:xFKoU8O5/b2XViSjX310SeyGc7u7

Malware Config

Targets

    • Target

      8be208cca2bb54ebda7d7806e76b9100.exe.bin

    • Size

      5.2MB

    • MD5

      8be208cca2bb54ebda7d7806e76b9100

    • SHA1

      7059a2556e93dc0549407711dfccf27d004234e3

    • SHA256

      aa6409c34e9ff65fcd3935dbc4cbd7233b1571359647f9b11ce0e70f4e042458

    • SHA512

      40f11b79984beeebbe3ad6de45d99ad57fa0f2ef54b4dbc9a3000833eedd83b8f8a8e96f03cfa8565f447c8458f8942d8cdf7bcbc2796f7807b88305bfd158bb

    • SSDEEP

      98304:xRjPz9KDzUU8O5/B/LJ25E9SVh86sS3TRknQ3ss2MApp9meypA3cPDu7:xFKoU8O5/b2XViSjX310SeyGc7u7

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • XMRig Miner payload

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Creates new service(s)

    • Stops running service(s)

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks