General
Target: aac7f8e174ba66d62620bd07613bac1947f996bb96b9627b42910a1db3d3e22b.zip
Size: 45KB
Sample: 240523-qc7asscb84
MD5: aaf7e26177e34ba376e5173e7127c420
SHA1: 8e9482123148b029125a3360026a082c8b5e4787
SHA256: 528bdf3b7ad770df7a1c440c370ee25f1d91eaf26bf894c34ce5cb5983c62988
SHA512: 7d1c26779b21a9fd228ecc804d6304aaf5c2dd87a0eca3999ad57b339084c6833e25c9cf476bc44355e9372e3c922fb27f0262120df9afd08eb3624979c7e2d0
SSDEEP: 768:Y+oR/9sZKeuzx8ExbIzK1venIVpO4rXvmhbAZQtsrJuybraDxVDZ4Y7:vXI18Exbt1jrfmhAluybrCxV14w
Static task: static1
Behavioral task: behavioral1
Sample: aac7f8e174ba66d62620bd07613bac1947f996bb96b9627b42910a1db3d3e22b.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: aac7f8e174ba66d62620bd07613bac1947f996bb96b9627b42910a1db3d3e22b.exe
Resource: win10-20240404-en
Malware Config
Targets
Target: aac7f8e174ba66d62620bd07613bac1947f996bb96b9627b42910a1db3d3e22b
Size: 83KB
MD5: bf05392d1205ce66a45a1104fb67adf8
SHA1: 9a77e7e641f1336b4b6fbe0dadb54ea4356212f1
SHA256: aac7f8e174ba66d62620bd07613bac1947f996bb96b9627b42910a1db3d3e22b
SHA512: 369b875cf5ae0bc49d6054e21e2b5af5a5efffc2b19693f9f3088b5ace8dc91814c989dd055425bdc8bddfc87cd1a4eaddbd1532c3235bf47ad90e615d6e71cf
SSDEEP: 1536:PD1JuLb6B5e5Oa+LWanmQaqLDO/zZkLJLa93zg0QhsW5cde4PvXoRu:aqnYOaOmKLDO/zZKJuzg7MemvXgu
Signatures
- XMRig Miner payload
- Clears Windows event logs
- Blocklisted process makes network request
- Creates new service(s)
- Drops file in Drivers directory
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination: network traffic to servers other than the configured DNS servers was detected on the DNS port.
- Drops desktop.ini file(s)
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Execution
- Command and Scripting Interpreter: 1
- PowerShell: 1
- Scheduled Task/Job: 1
- System Services: 2
- Service Execution: 2
Persistence
- Create or Modify System Process: 3
- Windows Service: 3
- Scheduled Task/Job: 1
Privilege Escalation
- Create or Modify System Process: 3
- Windows Service: 3
- Scheduled Task/Job: 1