Analysis
-
max time kernel
133s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
25-05-2024 13:25
Behavioral task
behavioral1
Sample
2024-05-25_79dff4d84fc0536fc04e9b139cd04ebe_cobalt-strike_cobaltstrike_xmrig.exe
Resource
win7-20240419-en
4 signatures
150 seconds
General
-
Target
2024-05-25_79dff4d84fc0536fc04e9b139cd04ebe_cobalt-strike_cobaltstrike_xmrig.exe
-
Size
12.8MB
-
MD5
79dff4d84fc0536fc04e9b139cd04ebe
-
SHA1
144e525cbafdf6a93d51622403a584a7a2b61fac
-
SHA256
a4f65e813450869a86129b8e1d468e4a686672988f14d9cfa2dc54e0b08eab0c
-
SHA512
e441c6594b09dd8c6893b80cc1e4ec81d2dd505163bfc57d6dbbb2e14106ac4b5a36e82240c6c7fdd976a3f7169f98e35cd515912c3d7240d074efe0926fbea7
-
SSDEEP
196608:u2XrSIqtPazmgL7uDbzVXUHXUXEOZmPOEDkfsLKb:uaWIPyquDBZtmPfkfn
Malware Config
Signatures
-
Detects executables containing URLs to raw contents of a Github gist 1 IoCs
resource yara_rule behavioral2/memory/4092-5-0x0000000000400000-0x00000000010B2000-memory.dmp INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL -
XMRig Miner payload 1 IoCs
resource yara_rule behavioral2/memory/4092-5-0x0000000000400000-0x00000000010B2000-memory.dmp xmrig