General

  • Target

    b49ef0d3015ef7ba2143b3d07f68a1db5cf976e7dcf20175531ae196d2264cde

  • Size

    2.0MB

  • Sample

    240530-ce349sae3t

  • MD5

    9c21308f638b181c719e6f78e8bd4c82

  • SHA1

    e83fba4d9b307a8b5ae6aa64d4ff748936717063

  • SHA256

    b49ef0d3015ef7ba2143b3d07f68a1db5cf976e7dcf20175531ae196d2264cde

  • SHA512

    02fbed8328b1c39bf6473c392590806f8dc915f2999d13cce2842c5abadbbb399738a4ef9799be689de1782e3d7f30a8594c717f612cd17e0a87d2d8e91735d6

  • SSDEEP

    49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+Agr6SNasx:BemTLkNdfE0pZrwm

Malware Config

Targets

    • Target

      b49ef0d3015ef7ba2143b3d07f68a1db5cf976e7dcf20175531ae196d2264cde

    • KPOT

      KPOT is an information stealer that steals user data and account credentials.

    • KPOT Core Executable

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • UPX dump on OEP (original entry point)

    • XMRig Miner payload

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Matrix

Tasks