General
-
Target
022867c3778c5e877c5298fc2559802e6f91cb3f22de8756882cf63a4db264b9
-
Size
5.3MB
-
Sample
240527-wt1r8scg7v
-
MD5
deb1e31bda51e681a795f54abaf26aad
-
SHA1
be8bab9e5afaad57b7d6f07aaecb4ab37a8aeb5c
-
SHA256
022867c3778c5e877c5298fc2559802e6f91cb3f22de8756882cf63a4db264b9
-
SHA512
06041d2a6664f50274f3174ad453002e37aab07789c7a654aa3c452e6ca3d73265d4358a247169a1aba539697d0c16ad55668f787ee7daa881fe30109e036e8a
-
SSDEEP
98304:34Gr/W2hRkTwVNt6MkTi+XAVd18EjU6+cVX6IwUu:3jr/TMwVNtaP4KEjl6S
Static task
static1
Behavioral task
behavioral1
Sample
022867c3778c5e877c5298fc2559802e6f91cb3f22de8756882cf63a4db264b9.exe
Resource
win7-20240221-en
Malware Config
Targets
-
-
Target
022867c3778c5e877c5298fc2559802e6f91cb3f22de8756882cf63a4db264b9
-
Size
5.3MB
-
MD5
deb1e31bda51e681a795f54abaf26aad
-
SHA1
be8bab9e5afaad57b7d6f07aaecb4ab37a8aeb5c
-
SHA256
022867c3778c5e877c5298fc2559802e6f91cb3f22de8756882cf63a4db264b9
-
SHA512
06041d2a6664f50274f3174ad453002e37aab07789c7a654aa3c452e6ca3d73265d4358a247169a1aba539697d0c16ad55668f787ee7daa881fe30109e036e8a
-
SSDEEP
98304:34Gr/W2hRkTwVNt6MkTi+XAVd18EjU6+cVX6IwUu:3jr/TMwVNtaP4KEjl6S
-
UPX dump on OEP (original entry point)
-
XMRig Miner payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Creates new service(s)
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-