General
Target: Access.rar
Size: 2.1MB
Sample: 240520-fj1fqadc3y
MD5: 97320bc56008226d80a91f7aace52386
SHA1: 713e7d684ba125e11e008a6e9ee9118108219b43
SHA256: c78fa5b39f8f805ebdaf9ad0f58ecc274f2caa3f6c60273813b27141182d7531
SHA512: d4bc473f0a175ee76dd388e6298254305feeede90897351be71da06425c315e44f3f0368bb072b1b49df744597f4c72a7a08f2bd5b191299f416957488850faf
SSDEEP: 49152:ju/OYM5Vtkrnyx2BDvaKE+rm3/8zHs0QgW3MvUl9pVZ/J6g1Kj4KiDBPZm0/:aW/pod+V3AHs0ehm1s7V/
Static task: static1

Behavioral task: behavioral1
Sample: Access.rar
Resource: win7-20240508-en

Behavioral task: behavioral2
Sample: Access.rar
Resource: win10v2004-20240508-en

Behavioral task: behavioral3
Sample: Access/Read.txt
Resource: win7-20240221-en

Behavioral task: behavioral4
Sample: Access/Read.txt
Resource: win10v2004-20240508-en

Behavioral task: behavioral5
Sample: Access/Redirect to Access.exe
Resource: win7-20240221-en
Malware Config

Targets

Target: Access.rar
Size: 2.1MB
MD5: 97320bc56008226d80a91f7aace52386
SHA1: 713e7d684ba125e11e008a6e9ee9118108219b43
SHA256: c78fa5b39f8f805ebdaf9ad0f58ecc274f2caa3f6c60273813b27141182d7531
SHA512: d4bc473f0a175ee76dd388e6298254305feeede90897351be71da06425c315e44f3f0368bb072b1b49df744597f4c72a7a08f2bd5b191299f416957488850faf
SSDEEP: 49152:ju/OYM5Vtkrnyx2BDvaKE+rm3/8zHs0QgW3MvUl9pVZ/J6g1Kj4KiDBPZm0/:aW/pod+V3AHs0ehm1s7V/
Score: 3/10

Target: Access/Read.txt
Size: 83B
MD5: c1f6abe86eac5e1741b117ae09a97cff
SHA1: 7be868af5ec051c8ce022950086c59c34d944223
SHA256: 86daae62dc14c50108c8410a265c0faa3800e7a3ae1e1d7d01f7580e0652b878
SHA512: 49131783dcd858c1eccfc40cbb269bba9ad4c3c4fad8acbce42055623829b53555d3eb814a3527d4eccbbf0ff7b5d5d8be52a60b65de718333648758bc768468
Score: 1/10

Target: Access/Redirect to Access.exe
Size: 2.5MB
MD5: 16cd4cb40bf3e13146f06b01cc5dd251
SHA1: 1852f2b44fb024c0d1039c1497d45e10ac8586db
SHA256: e45f3b1634526e3277275eb9962fc4b9d3e299bc5348b08d649a4b09b3991e35
SHA512: 1fb86bf170a858d0037c9207c9877fac82231efc39e48fbe66bb0879ef87a0ae692ba731aaa102a4be7211176e53b4d40ad91a68c7c3c02a29d1ffc433cf9fb6
SSDEEP: 49152:ye4U8f2fvPcuPvhN4UgpX6FWmHEksxF68RNcK7hojRvLbwcrbEGf3LkKSKGS:ye4U8f2DPvh26tHZ6F6a2+hwNw24GT3b

- XMRig Miner payload
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Creates new service(s)
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext