Analysis
max time kernel: 147s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 06-06-2024 15:31
Behavioral task: behavioral1
Sample: 2024-06-06_5b840807e47bae268d054feda89bee0e_cobalt-strike_cobaltstrike_xmrig.exe
Resource: win7-20240419-en
4 signatures
150 seconds
General
Target: 2024-06-06_5b840807e47bae268d054feda89bee0e_cobalt-strike_cobaltstrike_xmrig.exe
Size: 11.5MB
MD5: 5b840807e47bae268d054feda89bee0e
SHA1: 736c159e97e039434a849793ca2a4ef60a91cbd8
SHA256: b0239486d8fc97a2f3eb5f612c2f4dfce7ebe6dd190c7a044937a7486e42d578
SHA512: b58c28a47f47f231a204d489be892808dc9a30ccdb229101d7c6828cec3b86dbee7bd60c18dc6346a065a48910822c34890ac0fb17d677f9f5e49ddf54b169ef
SSDEEP: 196608:m2XrSIqtPazmgL7uDbzV0xpZr8o37nmPQLi7gCsLz5:maWIPyquDCzzmPfgCY
Malware Config
Signatures
Detects executables containing URLs to raw contents of a Github gist (1 IoCs)
Processes:
resource: behavioral2/memory/4000-7-0x0000000000400000-0x00000000010B2000-memory.dmp
yara_rule: INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

XMRig Miner payload (1 IoCs)
Processes:
resource: behavioral2/memory/4000-7-0x0000000000400000-0x00000000010B2000-memory.dmp
yara_rule: xmrig