Overview

overview

10

Static

static

3

Access.rar

windows7-x64

3

Access.rar

windows10-2004-x64

3

Access/Read.txt

windows7-x64

1

Access/Read.txt

windows10-2004-x64

1

Access/Red...ss.exe

windows7-x64

10

Access/Red...ss.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Access.rar

  • Size

    2.1MB

  • Sample

    240520-fj1fqadc3y

  • MD5

    97320bc56008226d80a91f7aace52386

  • SHA1

    713e7d684ba125e11e008a6e9ee9118108219b43

  • SHA256

    c78fa5b39f8f805ebdaf9ad0f58ecc274f2caa3f6c60273813b27141182d7531

  • SHA512

    d4bc473f0a175ee76dd388e6298254305feeede90897351be71da06425c315e44f3f0368bb072b1b49df744597f4c72a7a08f2bd5b191299f416957488850faf

  • SSDEEP

    49152:ju/OYM5Vtkrnyx2BDvaKE+rm3/8zHs0QgW3MvUl9pVZ/J6g1Kj4KiDBPZm0/:aW/pod+V3AHs0ehm1s7V/

Score
10/10
xmrigevasionexecutionminerpersistenceupx

Malware Config

Targets

    • Target

      Access.rar

    • Size

      2.1MB

    • MD5

      97320bc56008226d80a91f7aace52386

    • SHA1

      713e7d684ba125e11e008a6e9ee9118108219b43

    • SHA256

      c78fa5b39f8f805ebdaf9ad0f58ecc274f2caa3f6c60273813b27141182d7531

    • SHA512

      d4bc473f0a175ee76dd388e6298254305feeede90897351be71da06425c315e44f3f0368bb072b1b49df744597f4c72a7a08f2bd5b191299f416957488850faf

    • SSDEEP

      49152:ju/OYM5Vtkrnyx2BDvaKE+rm3/8zHs0QgW3MvUl9pVZ/J6g1Kj4KiDBPZm0/:aW/pod+V3AHs0ehm1s7V/

    Score
    3/10
    behavioral1behavioral2

    • Target

      Access/Read.txt

    • Size

      83B

    • MD5

      c1f6abe86eac5e1741b117ae09a97cff

    • SHA1

      7be868af5ec051c8ce022950086c59c34d944223

    • SHA256

      86daae62dc14c50108c8410a265c0faa3800e7a3ae1e1d7d01f7580e0652b878

    • SHA512

      49131783dcd858c1eccfc40cbb269bba9ad4c3c4fad8acbce42055623829b53555d3eb814a3527d4eccbbf0ff7b5d5d8be52a60b65de718333648758bc768468

    Score
    1/10
    behavioral3behavioral4

    • Target

      Access/Redirect to Access.exe

    • Size

      2.5MB

    • MD5

      16cd4cb40bf3e13146f06b01cc5dd251

    • SHA1

      1852f2b44fb024c0d1039c1497d45e10ac8586db

    • SHA256

      e45f3b1634526e3277275eb9962fc4b9d3e299bc5348b08d649a4b09b3991e35

    • SHA512

      1fb86bf170a858d0037c9207c9877fac82231efc39e48fbe66bb0879ef87a0ae692ba731aaa102a4be7211176e53b4d40ad91a68c7c3c02a29d1ffc433cf9fb6

    • SSDEEP

      49152:ye4U8f2fvPcuPvhN4UgpX6FWmHEksxF68RNcK7hojRvLbwcrbEGf3LkKSKGS:ye4U8f2DPvh26tHZ6F6a2+hwNw24GT3b

    Score
    10/10
    xmrigevasionexecutionminerpersistenceupx

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner payload

      miner

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Creates new service(s)

      persistenceexecution

    • Stops running service(s)

      evasionexecution

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Tasks