General

  • Target

    104079d51ee0d3925900189fb7bd13c09ddd8a34ff61628e99ca7922e4ed59c5

  • Size

    1.7MB

  • Sample

    240527-xlfyjaeb2s

  • MD5

    9552bbc49b14b0c451de453e3a9370c6

  • SHA1

    b134446078b3f7cf8a5a9bdfff739a900d4be0f2

  • SHA256

    104079d51ee0d3925900189fb7bd13c09ddd8a34ff61628e99ca7922e4ed59c5

  • SHA512

    3b68458dc8679103ade80e69cc36e9c7b58d91022ce0c5b13f7a3766a8bd723809fbebb6b19f2fa42408c3a8950db0d4db56310a8e3f72619b19f46a14cf24a1

  • SSDEEP

    24576:zv3/fTLF671TilQFG4P5PMkiptb8q33F1QeQthKJAc+StNfN3IvGIcveRO8JqU1e:Lz071uv4BPMkivwSbaMYPcyO8GYE4U

Malware Config

Targets

    • Target

      104079d51ee0d3925900189fb7bd13c09ddd8a34ff61628e99ca7922e4ed59c5

    • Size

      1.7MB

    • MD5

      9552bbc49b14b0c451de453e3a9370c6

    • SHA1

      b134446078b3f7cf8a5a9bdfff739a900d4be0f2

    • SHA256

      104079d51ee0d3925900189fb7bd13c09ddd8a34ff61628e99ca7922e4ed59c5

    • SHA512

      3b68458dc8679103ade80e69cc36e9c7b58d91022ce0c5b13f7a3766a8bd723809fbebb6b19f2fa42408c3a8950db0d4db56310a8e3f72619b19f46a14cf24a1

    • SSDEEP

      24576:zv3/fTLF671TilQFG4P5PMkiptb8q33F1QeQthKJAc+StNfN3IvGIcveRO8JqU1e:Lz071uv4BPMkivwSbaMYPcyO8GYE4U

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • Detects executables containing URLs to raw contents of a Github gist

    • UPX dump on OEP (original entry point)

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks