General

  • Target

    022867c3778c5e877c5298fc2559802e6f91cb3f22de8756882cf63a4db264b9

  • Size

    5.3MB

  • Sample

    240527-wt1r8scg7v

  • MD5

    deb1e31bda51e681a795f54abaf26aad

  • SHA1

    be8bab9e5afaad57b7d6f07aaecb4ab37a8aeb5c

  • SHA256

    022867c3778c5e877c5298fc2559802e6f91cb3f22de8756882cf63a4db264b9

  • SHA512

    06041d2a6664f50274f3174ad453002e37aab07789c7a654aa3c452e6ca3d73265d4358a247169a1aba539697d0c16ad55668f787ee7daa881fe30109e036e8a

  • SSDEEP

    98304:34Gr/W2hRkTwVNt6MkTi+XAVd18EjU6+cVX6IwUu:3jr/TMwVNtaP4KEjl6S

Malware Config

Targets

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • UPX dump on OEP (original entry point)

    • XMRig Miner payload

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Creates new service(s)

    • Stops running service(s)

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks