General

  • Target

    059b938b427742607046f042aa6932842ab413a14537d20b64441e5464e6df8b

  • Size

    3.0MB

  • Sample

    240527-w2gz4adb61

  • MD5

    da2452e0ac4a7e7b06494f1b71e89a56

  • SHA1

    7913a36e22c2bdc0099bb6dcb1cb2a2ccb54067b

  • SHA256

    059b938b427742607046f042aa6932842ab413a14537d20b64441e5464e6df8b

  • SHA512

    fd9e4f80fbc0975b7650ed429bb99f4162dd8e169072ddb2bfad70aa7f0801698fcd02644a16bef35ea04a4e016e6821335d4ef2e14d73b2ad0a46bef9fed170

  • SSDEEP

    98304:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHrWY:SbBeSFks

Malware Config

Targets

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • Detects executables containing URLs to raw contents of a Github gist

    • UPX dump on OEP (original entry point)

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX or a modified UPX open-source packer.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks