General
-
Target
8be208cca2bb54ebda7d7806e76b9100.exe.bin
-
Size
5.2MB
-
Sample
240518-ey4agsbg55
-
MD5
8be208cca2bb54ebda7d7806e76b9100
-
SHA1
7059a2556e93dc0549407711dfccf27d004234e3
-
SHA256
aa6409c34e9ff65fcd3935dbc4cbd7233b1571359647f9b11ce0e70f4e042458
-
SHA512
40f11b79984beeebbe3ad6de45d99ad57fa0f2ef54b4dbc9a3000833eedd83b8f8a8e96f03cfa8565f447c8458f8942d8cdf7bcbc2796f7807b88305bfd158bb
-
SSDEEP
98304:xRjPz9KDzUU8O5/B/LJ25E9SVh86sS3TRknQ3ss2MApp9meypA3cPDu7:xFKoU8O5/b2XViSjX310SeyGc7u7
Static task
static1
Behavioral task
behavioral1
Sample
8be208cca2bb54ebda7d7806e76b9100.exe
Resource
win7-20231129-en
Malware Config
Targets
-
XMRig Miner payload
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Creates new service(s)
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext