General

  • Target

    7ecn1xCryptor.exe

  • Size

    13.1MB

  • Sample

    240606-3h8r2aeg29

  • MD5

    6be692e39774693c34c6a7585205d428

  • SHA1

    fb36354d0da29d26cdd8e387183b2a6d68d6711b

  • SHA256

    895e7e23425166b27e9179d20ecfa5c4582ec9dd7af06300ba567d4f691fb49a

  • SHA512

    b3d80daf17f35e7d51ca96addf4ff1caf05e5b3219f85c90421296f7af9e2adcb4bd02e0ce8c44a8d137de07bbd732dc2bab3d389e90577b3873a45fc6775cab

  • SSDEEP

    393216:BmsFJ8OwBFgTmsALZNE1VZQn8RyyV7BltVSnLo:BmxRPgTmsA8BR7tBltVSL

Malware Config

Targets

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Creates new service(s)

    • Stops running service(s)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks