General

  • Target

    72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de

  • Size

    1.4MB

  • Sample

    240529-219llseb64

  • MD5

    9ff13d1e0641ee6546519cfc53314cc7

  • SHA1

    ad68384229e95f5e2f9295d02180e5d0649b2c9e

  • SHA256

    72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de

  • SHA512

    669d6c87c455adef4e15a5a0f85f54c2e8744f38b7037927d11bdd8863885d5c20cdc832ae1cff95f5c4386e418489aace3c816b6aa808707badd1b4ae657d5b

  • SSDEEP

    24576:zv3/fTLF671TilQFG4P5PMkFfkeMlN675EgEPgsU5qTqOkDilK3uPC:Lz071uv4BPMkFfdg6NsOL

Malware Config

Targets

    • Target

      72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de

    • Size

      1.4MB

    • MD5

      9ff13d1e0641ee6546519cfc53314cc7

    • SHA1

      ad68384229e95f5e2f9295d02180e5d0649b2c9e

    • SHA256

      72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de

    • SHA512

      669d6c87c455adef4e15a5a0f85f54c2e8744f38b7037927d11bdd8863885d5c20cdc832ae1cff95f5c4386e418489aace3c816b6aa808707badd1b4ae657d5b

    • SSDEEP

      24576:zv3/fTLF671TilQFG4P5PMkFfkeMlN675EgEPgsU5qTqOkDilK3uPC:Lz071uv4BPMkFfdg6NsOL

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • Detects executables containing URLs to raw contents of a Github gist

    • UPX dump on OEP (original entry point)

    • XMRig Miner payload

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks