General

  • Target

    virussign.com_05cd306fc7f1fa0da4ed9e69455c6240.vir

  • Size

    3.4MB

  • Sample

    240602-lyeepahg4w

  • MD5

    05cd306fc7f1fa0da4ed9e69455c6240

  • SHA1

    671c63472a9f54cd8aed1e79e1f6ae7d807c352c

  • SHA256

    ce8b323544a3aec5ddd29929ac7136b610f60a617d92ee9aabc3f273634c509f

  • SHA512

    0000d79471750bcfaf5732e60aa26e07153395fc06248d8ea1576e3854f3b60417c1850d36db4af819eae550f61712e73435fd8f26262724d3322ddc18d18fcd

  • SSDEEP

    98304:71ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHrW/:7bBeSFkr

Malware Config

Targets

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks