General

  • Target

    a75ffcfe39123c7c7ff19bc9f34b03f9dd9b0f34d658a118fba82e70270add64

  • Size

    3.2MB

  • Sample

    240523-bvzaksgg73

  • MD5

    0cbc9635a1f5fed346db2827c09d9e79

  • SHA1

    39a122ac6841ee7ce63caef955c8867d803004d3

  • SHA256

    a75ffcfe39123c7c7ff19bc9f34b03f9dd9b0f34d658a118fba82e70270add64

  • SHA512

    23a78f446db1c9707f2d38e001127cbdd694b738f8b0641ae9f12adc008c6b6aa69f9d60789a3c69387f8b6ff6134b43346debf91dfc3de6bc2cf8a79a20e0ef

  • SSDEEP

    98304:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHrWu:SbBeSFkK

Targets

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • Detects executables containing URLs to raw contents of a GitHub gist

    • UPX dump on OEP (original entry point)

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX or a modified UPX open-source packer.

    • Legitimate hosting services abused for malware hosting/C2
