General

Target: Miners.zip
Size: 11.7MB
Sample: 240610-by72wsag95
MD5: 2e65cc91043317c289e853b0aae301e4
SHA1: c30dc9cdcc114a503cbce389ef344cbe56f6ad5b
SHA256: 5777a295a10efd68effe3367a79f27e47622391cd2c8b66c01eaf8045f1e181c
SHA512: 65a8d53bf8a7cac5c8ba1930abdf605ac88daf20bb2d206657a598d51cfdc1e0384e7305a3420ebe5f9ff2c46e4fc2bac277de6e73cb15184ff3615721c9e825
SSDEEP: 196608:hqzuNihqGbKwHcjfO9gALfCDwRAdyvP3ugFZGHe58A1W+L3/D6unPTov8sZSzDfk:hqzuH2vcLO6SCpyn3ugHbh1WQ/2uPTof
Behavioral tasks

behavioral1
Sample: UAC.exe
Resource: win10v2004-20240508-en

behavioral2
Sample: miner.exe
Resource: win10v2004-20240508-en

behavioral3
Sample: putty.exe
Resource: win10v2004-20240426-en
Malware Config

Targets

Target: UAC.exe
Size: 96KB
MD5: c39fbaa16c9f9d3c833b9452c6a85940
SHA1: f7347a9a5696764339b03942aaa84ec4eaeda8c5
SHA256: f7c43a1b2e358cb34026af42c77985a0027d4582c6fdcd7c77f4f7b5d517b9fb
SHA512: 67b54af9204a123154da630e0cc50b46a5ada68851dbcd719c0bfc2f41b34d950c6c54e308c3a809b668c1646e33b2bb0277b2bc041449f3e0d85b8cb18efd89
SSDEEP: 1536:3qOpZYLPWqOpqKTpXDkLepf3NW7d9NE768E0e+7zF6VkXOhC/LSCvsW90VcdFy9q:3qLUprZEeF3NWf8E0eaFuhCzgkFQvbHO
Score: 8/10

Signatures:
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
Target: miner.exe
Size: 5.3MB
MD5: 4674052e1bdaf5f0e51bf1a731e1b6e8
SHA1: 341a06ed501decaa13e94284e9cf3bc9dc74321c
SHA256: e71d256a4b1f8aff106556a27fc45f1c48384232353bd8028f588ba6ef59c3f6
SHA512: 4b24c67097d9a172f4a8826af8489b8c0c5c0160b4da40b070340105cd056005062d214808a3296d5fcb349ad21a97044a36ad28b4eceb0f7f9713dc91536ec8
SSDEEP: 98304:7LSHPhEzeeUn3SLIeOrctwZlaqYPXg3zwPLsfN3x:7e569UisISalPXHPLsfNh
Score: 8/10

Signatures:
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Creates new service(s)
Target: putty.exe
Size: 2.5MB
MD5: 744f16da7768ed9f66393cb57f760746
SHA1: 759f5bded9426a4b553d6cdd9c07100b775ece4c
SHA256: 40332ac6fe28c775fa236b647cd3f4ca015ac140a6344ed88ce7ba33bbf1c501
SHA512: 6f081e656299c947a764e1900db14bea62bae1ecde6e0e97d809223caf8bd63b14bcbe2ebfa73051b8e666fd49ebf2989bce3cd378e42df7808a64e5df1b4014
SSDEEP: 49152:hazSw1Kb+TJZl9hsJHgKocnXWzH6Oo4y3rK85AEFeg:haL1Qm9hWghedXhq1
Score: 8/10

Signatures:
- Creates new service(s)
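Two of the signatures above, the PowerShell change to Windows Defender exclusions (raised on UAC.exe and miner.exe) and service installation (raised on miner.exe and putty.exe, and again on update.exe below), can be reproduced from host event logs rather than from sandbox hooks. The block below is an added example, not code from the sandbox or from the samples; the event records it runs over are constructed to mirror the fields of PowerShell script block logging (EID 4104) and the System log's service-installed event (EID 7045), and the "trusted" directory list and signature names are this example's own choices.

```python
"""Re-derive the report's PowerShell-exclusion and service-creation signatures
from Windows event records. Added example; not sandbox or sample code."""
from __future__ import annotations

import re

# Constructed records, not taken from this report's run. They mirror the fields a
# SIEM extracts from Microsoft-Windows-PowerShell/Operational EID 4104 (script
# block logging, which must be enabled by policy) and System EID 7045.
SAMPLE_EVENTS = [
    {"id": 4104, "script": "Get-Process | Sort-Object CPU -Descending | Select-Object -First 5"},
    {"id": 4104, "script": "Add-MpPreference -ExclusionPath 'C:\\ProgramData\\svc' "
                           "-ExclusionExtension '.exe' -ExclusionProcess 'miner.exe'"},
    {"id": 4104, "script": "Get-MpPreference | Select-Object ExclusionPath"},
    {"id": 7045, "service_name": "WinUpdateSvc", "start_type": "auto start",
     "image_path": "\"C:\\ProgramData\\svc\\miner.exe\" --config cfg.json"},
    {"id": 7045, "service_name": "Sense", "start_type": "demand start",
     "image_path": "\"C:\\Program Files\\Windows Defender Advanced Threat Protection\\MsSense.exe\""},
]

# Add-MpPreference appends to an exclusion list and Set-MpPreference replaces it;
# both change what Defender scans. Get-MpPreference only reads, so it is ignored.
# Known gaps of a regex on script text: PowerShell accepts unambiguous parameter
# prefixes (-ExclusionPa), the same setting is reachable through the
# MSFT_MpPreference WMI class, and a direct write under
# HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions never shows up as a cmdlet.
# Pair this with Defender's own "configuration changed" event (EID 5007).
MP_PREFERENCE_WRITE = re.compile(r"\b(?:Add|Set)-MpPreference\b", re.IGNORECASE)
EXCLUSION_PARAM = re.compile(r"-Exclusion(Path|Extension|Process)\b", re.IGNORECASE)

# Service binaries outside these directories are treated as suspicious; the
# list is this example's assumption, tune it per estate.
TRUSTED_IMAGE_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\",
                      "c:\\program files\\", "c:\\program files (x86)\\")


def defender_exclusions(script: str) -> list[str]:
    """Exclusion kinds ('extension', 'path', 'process') a script block modifies; [] if none."""
    if not MP_PREFERENCE_WRITE.search(script):
        return []
    return sorted({m.group(1).lower() for m in EXCLUSION_PARAM.finditer(script)})


def service_image(image_path: str) -> str:
    """Strip arguments from a 7045 ImagePath: honour a quoted path, else cut at the first space."""
    s = image_path.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return s[1:end] if end > 0 else s[1:]
    return s.split(" ", 1)[0]


def suspicious_service_image(image_path: str) -> bool:
    """True when the service binary lives outside the trusted directories."""
    return not service_image(image_path).lower().startswith(TRUSTED_IMAGE_DIRS)


def triage(events: list[dict]) -> list[tuple[str, str]]:
    """Map event records to (signature name, evidence) pairs, reusing the report's names."""
    hits: list[tuple[str, str]] = []
    for ev in events:
        if ev["id"] == 4104:
            kinds = defender_exclusions(ev["script"])
            if kinds:
                hits.append(("Command and Scripting Interpreter: PowerShell",
                             "Defender exclusions modified for: " + ", ".join(kinds)))
        elif ev["id"] == 7045 and suspicious_service_image(ev["image_path"]):
            hits.append(("Creates new service(s)",
                         f"{ev['service_name']} -> {service_image(ev['image_path'])} ({ev['start_type']})"))
    return hits


if __name__ == "__main__":
    for sig, evidence in triage(SAMPLE_EVENTS):
        print(f"{sig}: {evidence}")
```

EID 7045 records the installation only; whether the service actually started is in the Service Control Manager's start events, so a hit here means persistence was registered, not that the payload ran.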
Target: update.exe
Size: 5.6MB
MD5: 5d0fb9d3fcf1a559a5a346ce92cab568
SHA1: b2694e809d2ce81a4fc3aba099d6375bd4edfa8c
SHA256: cf18f63365fe527daf3891fe264d2f345626ccccb8733c35966ca8040106dbe6
SHA512: 4860d67625ef28347cf1c31aeb7af24d8bfde9d85ffcd92615795d84362be8c36e11048be7f8ddb3dd581297c735ad7b845c6760a5eee82ce1a49dd104c1dd48
SSDEEP: 98304:OornZQfD8SMbKN6QEFiThZNUoiC91w8LqBmwSmCUSgTwObu+p4rjT85KJl:bryb8SMbKkQEShZNU40iqS9USgTw0irX

Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Creates new service(s)
- Checks BIOS information in registry
  BIOS information is often read to detect sandbox or virtual-machine environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger
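The three evasion signatures on update.exe (ACPI-based VirtualBox detection, BIOS reads from the registry, and NtSetInformationThread with ThreadHideFromDebugger) are all visible in a per-process API trace. The block below is an added example, not code from the sandbox or the sample: it scores a trace the way the report's signatures do. The trace records are constructed; the registry paths are the well-known VirtualBox artifacts (the ACPI table subkeys named after the hypervisor's OEM ID VBOX__, and the SystemBiosVersion/VideoBiosVersion values under HARDWARE\DESCRIPTION\System), and the THREADINFOCLASS value 0x11 is ThreadHideFromDebugger.

```python
"""Score a sandbox API trace for the anti-VM and anti-debug checks reported on
update.exe. Added example; not sandbox or sample code."""
from __future__ import annotations

import re

# Constructed per-process trace records, not taken from this report's run.
SAMPLE_TRACE = [
    {"api": "RegOpenKeyExW", "key": r"HKLM\HARDWARE\DESCRIPTION\System"},
    {"api": "RegQueryValueExW", "key": r"HKLM\HARDWARE\DESCRIPTION\System",
     "value": "SystemBiosVersion", "data": "VBOX   - 1"},
    {"api": "RegQueryValueExW", "key": r"HKLM\HARDWARE\DESCRIPTION\System",
     "value": "VideoBiosVersion", "data": "Oracle VM VirtualBox VBE Adapter"},
    # Opening the ACPI table key succeeds only on a VirtualBox guest; on bare
    # metal the OEM ID subkey does not exist and the open fails.
    {"api": "RegOpenKeyExW", "key": r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"},
    {"api": "RegOpenKeyExW", "key": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion"},
    {"api": "NtSetInformationThread", "thread_info_class": 0x2},   # ThreadPriority, benign
    {"api": "NtSetInformationThread", "thread_info_class": 0x11},  # ThreadHideFromDebugger
]

BIOS_KEY = r"hklm\hardware\description\system"
BIOS_VALUES = {"systembiosversion", "videobiosversion", "systembiosdate"}
# ACPI tables are exposed under HKLM\HARDWARE\ACPI\<table>\<OEM ID>; VirtualBox's
# OEM ID is "VBOX  ", which the registry shows as VBOX__. Other hypervisors
# publish their own OEM IDs, so extend the set as needed.
ACPI_TABLE = re.compile(r"^hklm\\hardware\\acpi\\(?:dsdt|fadt|rsdt)\\([^\\]+)", re.IGNORECASE)
VBOX_OEM_IDS = {"vbox__"}
THREAD_HIDE_FROM_DEBUGGER = 0x11  # THREADINFOCLASS ThreadHideFromDebugger


def triage_trace(trace: list[dict]) -> dict[str, list[str]]:
    """Return {signature name: [evidence, ...]} using the report's own signature names."""
    findings: dict[str, list[str]] = {}

    def add(sig: str, evidence: str) -> None:
        findings.setdefault(sig, []).append(evidence)

    for call in trace:
        api = call["api"]
        key = call.get("key", "")
        # Reading the BIOS strings is the generic check; the strings themselves
        # carry "VBOX"/"VirtualBox" on a VirtualBox guest.
        if (api.startswith("RegQueryValueEx") and key.lower() == BIOS_KEY
                and call.get("value", "").lower() in BIOS_VALUES):
            add("Checks BIOS information in registry",
                f"{call['value']} = {call.get('data', '')!r}")
        m = ACPI_TABLE.match(key)
        if api.startswith("RegOpenKeyEx") and m and m.group(1).lower() in VBOX_OEM_IDS:
            add("Identifies VirtualBox via ACPI registry values (likely anti-VM)", key)
        # Once set, the thread no longer delivers debug events; a debugger attached
        # later sees nothing from it. No legitimate reason in a miner loader.
        if (api == "NtSetInformationThread"
                and call.get("thread_info_class") == THREAD_HIDE_FROM_DEBUGGER):
            add("Suspicious use of NtSetInformationThreadHideFromDebugger", api)
    return findings


if __name__ == "__main__":
    for sig, evidence in triage_trace(SAMPLE_TRACE).items():
        print(f"{sig}: {evidence}")
```

When reproducing the sample's behaviour in a lab, a hooking sandbox can swallow the ThreadHideFromDebugger call (return success without forwarding it) so a debugger can still follow the thread, and it can stub the ACPI and BIOS registry reads to return bare-metal values; the checks above then go quiet, which is the point of scoring the attempts rather than their results.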