xmrig

Sharing

Copy URL

Twitter E-mail

General

Target

Lunar Release.rar
Size

57.5MB
Sample

240527-rby4gaga59
MD5

17e97ff9038efe7e34cfe0e4dcb8588a
SHA1

7664f96e2d9a1fdc55428f476a7dd0ce1a88d5d9
SHA256

625003c81f3726f91c74f306fe26bdd73efa3050499bc49849aa463ff7cd64fe
SHA512

407952e00df66b3c157ac5e8e25b569a12d6ed37d741d09764818e7ccc6c996d9fe96cc77b30feac23728bf71284cab111b6fc5df59b42d2fec862df888c96f9
SSDEEP

1572864:jtIsfSjSGt+a0Sb/u95f3f9fvBva+05Zqknd5RNI:JIsfSjSGtTcfvbaLZJjs

Score

10^/10

Malware Config

Targets

- Target
  
  Lunar Release.rar
- Size
  
  57.5MB
- MD5
  
  17e97ff9038efe7e34cfe0e4dcb8588a
- SHA1
  
  7664f96e2d9a1fdc55428f476a7dd0ce1a88d5d9
- SHA256
  
  625003c81f3726f91c74f306fe26bdd73efa3050499bc49849aa463ff7cd64fe
- SHA512
  
  407952e00df66b3c157ac5e8e25b569a12d6ed37d741d09764818e7ccc6c996d9fe96cc77b30feac23728bf71284cab111b6fc5df59b42d2fec862df888c96f9
- SSDEEP
  
  1572864:jtIsfSjSGt+a0Sb/u95f3f9fvBva+05Zqknd5RNI:JIsfSjSGtTcfvbaLZJjs
Score

10^/10

xmrig evasion execution miner persistence pyinstaller upx
- Modifies security service
  evasion
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Creates new service(s)
  persistence execution
- Sets service image path in registry
  persistence
- Stops running service(s)
  evasion execution
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  Lunar Release/LunarExecutorV1.2.EXE
- Size
  
  68.2MB
- MD5
  
  1b486d8fc0fc62878f8ec674ac1b7b5b
- SHA1
  
  f293cd1316a706a8f6c9a77c699a08777e69ac60
- SHA256
  
  94eefdd5d66f63004372672610f5f3317c3c648f0525d5ac8455293d8ea2e78d
- SHA512
  
  210fd693b9004488afa0ca18586126567d2b246f6a9f0ed49efd280a817a2cfb8bca547c6b51fd520a6b1b7a48f839012025cfda831c60f502e5c2890cc62fc5
- SSDEEP
  
  1572864:Fr/1V0gMAiW/OH3m2u48YD2BWz/tYVdPBevfyfW6Wg:Fr5MAi93mZ48YD2Btd5SyfW6W
Score

10^/10

xmrig evasion execution miner persistence pyinstaller upx
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Creates new service(s)
  persistence execution
- Stops running service(s)
  evasion execution
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral3
- Target
  
  Lunar Release/auto_attach.dll
- Size
  
  11KB
- MD5
  
  10b65d0b42a5c28e46c636f3b80acd72
- SHA1
  
  b7d055065692c937de0c6cc8a4a10ab56953bc35
- SHA256
  
  6a5f47fb94b352d816beb3301cec80c29067ac49867013653c5f6254617d24fb
- SHA512
  
  75dc3b928bf1dc3eccd1f8a70b71be4734bbce99419cbd5a6090c08182bf6b74617d9a78c2e7ccf243f550922c17a79c255ba07a92a48b110d1aadd823a78461
- SSDEEP
  
  192:3jzHguR1ID//9g6Gep+d/iz2Gg3bzE7xYGVN2PzQdv4tkpyzM9zvGMA5KIhzlm:3jzHguR1IKdeocPUk86tZaU
Score

1^/10
behavioral4 behavioral5
- Target
  
  Lunar Release/byfron.dll
- Size
  
  104KB
- MD5
  
  23070ddf008a2351eb49b39bcaadc40b
- SHA1
  
  7797e39ed2543d0e42fce9239e9e8f8ff55482a3
- SHA256
  
  a7b4d7ee10059bfe41c1405f589c898f8261186bbb65f9e63240e27aaba5e17f
- SHA512
  
  676d9ca1260ee2f8db90f5ec3430fd297ff2429163b39110ea80a42d5111be80b75d9fdc73f9262a713d29eb0ac3d573060a739ff843e393485de6c9a154646b
- SSDEEP
  
  1536:Jcck8caFAtPTFwZ644yQZvNuAVe5tJmcCA2noyUEowjE:Jcck8caFAtPTFwZ6ZN505H2nLUcY
Score

1^/10
behavioral6 behavioral7
- Target
  
  Lunar Release/fonts and logo/Arial.txt
- Size
  
  64B
- MD5
  
  e5b8570d28758495e1e10e492e08ff8c
- SHA1
  
  cdffaa6413f9ba1c6b16b8c26e288358b0cff571
- SHA256
  
  d565575e288251ce195eb20a570e88170a605f889e8b71a90c587bd91f03638e
- SHA512
  
  58910f636dd2a47197eeb20af49670177d70fb5f997b006d46044186b2fa87ac22ceea205562e2f07484130604414692d56548f080930c91a814c16ffddd911d
Score

1^/10
behavioral8 behavioral9
- Target
  
  Lunar Release/fonts and logo/Bold.txt
- Size
  
  64B
- MD5
  
  dc53bf4e959f96dd6f944f80f4bab418
- SHA1
  
  1e096af7588b58b542a6f717bc114c61e119275d
- SHA256
  
  9583dd7d301fc625a2a28d140285a2c08e3ad001db991a98adc66d6e3e70613b
- SHA512
  
  78833bb4e20e131662f96b2f42dbe0b27a8f135535457fbd5a780b81cf538d291cb91190a5d7cfe579cfe18b659bd213c9e50bcaf3b39d2ea42a620e25af3360
Score

1^/10
behavioral10 behavioral11
- Target
  
  Lunar Release/fonts and logo/fdsfdsf.ico
- Size
  
  4KB
- MD5
  
  5f84f00d39f8f3f5bdd30fd7784a598c
- SHA1
  
  5cc8a3bdb93ab43407767f531d995a7b8f2bb2ba
- SHA256
  
  f6131701da3f55693186f1ab4f76b6ef8063d56377ca4594eb4ed4f93819f6cd
- SHA512
  
  de022037282abd3c8fda1aa5392954b86ea216c03dd720a4929e5fb71e94b51c7293c222365f003ee98884a7b457262ab388aa68a28c9cbdd77c94de9d54f78b
- SSDEEP
  
  48:ddPzwLfyDMwE6+fJM0uAKopL1hEUURLddHQ:ddPzPAwE/fJBujopLfMRLdd
Score

3^/10
behavioral12 behavioral13
- Target
  
  Lunar Release/infinite yield.txt
- Size
  
  458KB
- MD5
  
  fd82c56f51bbd6e20b5cd3f13df47df3
- SHA1
  
  5cc7735d0df6224d522a62b51ff0e5980741de3a
- SHA256
  
  753e72e558297fc7658e32d37baa81d72333f06fd6640ede858c5ba3294cec7b
- SHA512
  
  602f05e8b7018e4066d6663976178a66c2f274d0168a041c5e3a99ae037e3730789a0130e580e33161d1f99fac288f4a8831a2400866b54fb2f6acd3c1f79f6d
- SSDEEP
  
  6144:ZkrLwE7/gTt3Kr2/h5MuR0Y9gIBuQulO7uFo5n4XvxDhoQh9kZtUi8/1j304U48F:ZkrLwEAKr2ZGHYWFOn4XPffpo
Score

3^/10

execution
behavioral14 behavioral15
- Target
  
  Lunar Release/license.txt
- Size
  
  6KB
- MD5
  
  0b09566254b011d989decf0e23a902eb
- SHA1
  
  3ae5cd6be73daf418b8deee9c865cf78225838c9
- SHA256
  
  a19d58aaab15c4d0019e569d1c073d1b5286fdd37dbeee7a58a7d1ae76045ae1
- SHA512
  
  4e22e58f925879306261e5993039e1d84d87f8fecc0f9fdad534da55b6fd22be77e622a4077d8d521f7734e5535f66853d581155987e2f3607e2d386938c218b
- SSDEEP
  
  192:uEwjuKsgA4+XYdXjA+okS63vZBCSUziJm:eNs8+QRVxBRU1
Score

1^/10
behavioral16 behavioral17
- Target
  
  Lunar Release/resources.dll
- Size
  
  5.1MB
- MD5
  
  773b3b72481fd8ef9b62b5ef0fe8040a
- SHA1
  
  a42cbc7aab88689e834c158b24af8722586cf1b4
- SHA256
  
  7f93fef11819a9f4b8edd342a1c2d3dbab25698ed75f9713ee1167fa2f852331
- SHA512
  
  db7d29100060afc909cbf20bcd6d9c02fc0b29d8ee32606e2d6cf18270484f2b46853cda0b495a85cc7a2e3ae4536030a25216f101dceabf2f972e3375208c38
- SSDEEP
  
  768:+UI7yUI7yUI7yUI7yUI7yUI7yUI7yUI7yUI7yUI7yUI7yUI7yUI7yUI7yUI7yUIn:3
Score

3^/10

execution
behavioral18 behavioral19