General

  • Target

    83d1979057a1e62422937e2d4d533d93b57c3a41dea9ed82358c1c112b6c3ab7

  • Size

    1.6MB

  • Sample

    240522-crxg9ahd4s

  • MD5

    add9abf21113ad239545ed302581ba52

  • SHA1

    1cf2a255dfc83c8763f081b6bcdc867721084c9b

  • SHA256

    83d1979057a1e62422937e2d4d533d93b57c3a41dea9ed82358c1c112b6c3ab7

  • SHA512

    f9c45cdf34f10e0471e44afe94365431621b8943ee1b92de3e476e08cb293d4514e08f9aadcd584efcf125223a7a4860a231868304301058bb2beb4bca66f2a2

  • SSDEEP

    24576:zv3/fTLF671TilQFG4P5PMkFfkeMGvGr1t4oAirbNIjTqaQV/cets/d3:Lz071uv4BPMkFfdk2auTqao/c/9

Malware Config

Targets

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • Detects executables containing URLs to the raw contents of a GitHub gist

    • UPX dump on OEP (original entry point)

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15