Overview

overview

10

Static

static

10

a251653629...d5.exe

windows7-x64

10

a251653629...d5.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a2516536295024bc47ef2970101ccc8af70e8437e0d43a4abd6d1b974ddc66d5

  • Size

    2.5MB

  • Sample

    240609-gt67paef7s

  • MD5

    00a07a9fcf14afdec56b45d91fb41cc4

  • SHA1

    f9f5ba7b5adbfbeb1f7fcebd76798f7bad1a7d9a

  • SHA256

    a2516536295024bc47ef2970101ccc8af70e8437e0d43a4abd6d1b974ddc66d5

  • SHA512

    e52f3d74abcd8b1d91807ea7f7cec58b57a1ec2008d4824a0c4257922e55843e5cc2e41c7e39070f68b1be59899fd96a425283c065f8ae4730814cca1f35bd41

  • SSDEEP

    49152:oezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+Agr6tdlmU1/eohq:oemTLkNdfE0pZrwG

Score
10/10
kpotxmrigminerstealertrojanupx

Malware Config

Targets

    • Target

      a2516536295024bc47ef2970101ccc8af70e8437e0d43a4abd6d1b974ddc66d5

    • Size

      2.5MB

    • MD5

      00a07a9fcf14afdec56b45d91fb41cc4

    • SHA1

      f9f5ba7b5adbfbeb1f7fcebd76798f7bad1a7d9a

    • SHA256

      a2516536295024bc47ef2970101ccc8af70e8437e0d43a4abd6d1b974ddc66d5

    • SHA512

      e52f3d74abcd8b1d91807ea7f7cec58b57a1ec2008d4824a0c4257922e55843e5cc2e41c7e39070f68b1be59899fd96a425283c065f8ae4730814cca1f35bd41

    • SSDEEP

      49152:oezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+Agr6tdlmU1/eohq:oemTLkNdfE0pZrwG

    Score
    10/10
    kpotxmrigminerstealertrojanupx

    • KPOT

      KPOT is an information stealer that steals user data and account credentials.

      trojanstealerkpot

    • KPOT Core Executable

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • UPX dump on OEP (original entry point)

    • XMRig Miner payload

      miner

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks