General
-
Target
f08e8db6d19709c1b009789007f2f308ee322bee1809128566bc485174e2a2a9
-
Size
3.0MB
-
Sample
240528-ny1zssbb87
-
MD5
b3eea37799d41784bb4fb3dfb17b6d11
-
SHA1
84ead5b53e5da7ec4cb36cb595a4fc2bef412f22
-
SHA256
f08e8db6d19709c1b009789007f2f308ee322bee1809128566bc485174e2a2a9
-
SHA512
466d50ad4617520713723e502acc57c16f814989f972eabb7f014d9a5870e0bd3ac13df36f6558bf78f164fdc88c98fcc9e22f651a72b788cdc4c4579ef068e3
-
SSDEEP
49152:S1G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMki8CnfZFOzw:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2RL
Malware Config
Targets
-
-
Target
f08e8db6d19709c1b009789007f2f308ee322bee1809128566bc485174e2a2a9
-
Size
3.0MB
-
MD5
b3eea37799d41784bb4fb3dfb17b6d11
-
SHA1
84ead5b53e5da7ec4cb36cb595a4fc2bef412f22
-
SHA256
f08e8db6d19709c1b009789007f2f308ee322bee1809128566bc485174e2a2a9
-
SHA512
466d50ad4617520713723e502acc57c16f814989f972eabb7f014d9a5870e0bd3ac13df36f6558bf78f164fdc88c98fcc9e22f651a72b788cdc4c4579ef068e3
-
SSDEEP
49152:S1G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMki8CnfZFOzw:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2RL
Score10/10-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
Detects executables containing URLs to raw contents of a Github gist
-
UPX dump on OEP (original entry point)
-
XMRig Miner payload
-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Powershell Invoke Web Request.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Legitimate hosting services abused for malware hosting/C2
-