General

  • Target

    Miners.zip

  • Size

    11.7MB

  • Sample

    240610-by72wsag95

  • MD5

    2e65cc91043317c289e853b0aae301e4

  • SHA1

    c30dc9cdcc114a503cbce389ef344cbe56f6ad5b

  • SHA256

    5777a295a10efd68effe3367a79f27e47622391cd2c8b66c01eaf8045f1e181c

  • SHA512

    65a8d53bf8a7cac5c8ba1930abdf605ac88daf20bb2d206657a598d51cfdc1e0384e7305a3420ebe5f9ff2c46e4fc2bac277de6e73cb15184ff3615721c9e825

  • SSDEEP

    196608:hqzuNihqGbKwHcjfO9gALfCDwRAdyvP3ugFZGHe58A1W+L3/D6unPTov8sZSzDfk:hqzuH2vcLO6SCpyn3ugHbh1WQ/2uPTof

Malware Config

Targets

    • Target

      UAC.exe

    • Size

      96KB

    • MD5

      c39fbaa16c9f9d3c833b9452c6a85940

    • SHA1

      f7347a9a5696764339b03942aaa84ec4eaeda8c5

    • SHA256

      f7c43a1b2e358cb34026af42c77985a0027d4582c6fdcd7c77f4f7b5d517b9fb

    • SHA512

      67b54af9204a123154da630e0cc50b46a5ada68851dbcd719c0bfc2f41b34d950c6c54e308c3a809b668c1646e33b2bb0277b2bc041449f3e0d85b8cb18efd89

    • SSDEEP

      1536:3qOpZYLPWqOpqKTpXDkLepf3NW7d9NE768E0e+7zF6VkXOhC/LSCvsW90VcdFy9q:3qLUprZEeF3NWf8E0eaFuhCzgkFQvbHO

    • Score

      8/10
    • Command and Scripting Interpreter: PowerShell

      Run PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Target

      miner.exe

    • Size

      5.3MB

    • MD5

      4674052e1bdaf5f0e51bf1a731e1b6e8

    • SHA1

      341a06ed501decaa13e94284e9cf3bc9dc74321c

    • SHA256

      e71d256a4b1f8aff106556a27fc45f1c48384232353bd8028f588ba6ef59c3f6

    • SHA512

      4b24c67097d9a172f4a8826af8489b8c0c5c0160b4da40b070340105cd056005062d214808a3296d5fcb349ad21a97044a36ad28b4eceb0f7f9713dc91536ec8

    • SSDEEP

      98304:7LSHPhEzeeUn3SLIeOrctwZlaqYPXg3zwPLsfN3x:7e569UisISalPXHPLsfNh

    • Command and Scripting Interpreter: PowerShell

      Run PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Creates new service(s)

    • Stops running service(s)

    • Target

      putty.exe

    • Size

      2.5MB

    • MD5

      744f16da7768ed9f66393cb57f760746

    • SHA1

      759f5bded9426a4b553d6cdd9c07100b775ece4c

    • SHA256

      40332ac6fe28c775fa236b647cd3f4ca015ac140a6344ed88ce7ba33bbf1c501

    • SHA512

      6f081e656299c947a764e1900db14bea62bae1ecde6e0e97d809223caf8bd63b14bcbe2ebfa73051b8e666fd49ebf2989bce3cd378e42df7808a64e5df1b4014

    • SSDEEP

      49152:hazSw1Kb+TJZl9hsJHgKocnXWzH6Oo4y3rK85AEFeg:haL1Qm9hWghedXhq1

    • Target

      update.exe

    • Size

      5.6MB

    • MD5

      5d0fb9d3fcf1a559a5a346ce92cab568

    • SHA1

      b2694e809d2ce81a4fc3aba099d6375bd4edfa8c

    • SHA256

      cf18f63365fe527daf3891fe264d2f345626ccccb8733c35966ca8040106dbe6

    • SHA512

      4860d67625ef28347cf1c31aeb7af24d8bfde9d85ffcd92615795d84362be8c36e11048be7f8ddb3dd581297c735ad7b845c6760a5eee82ce1a49dd104c1dd48

    • SSDEEP

      98304:OornZQfD8SMbKN6QEFiThZNUoiC91w8LqBmwSmCUSgTwObu+p4rjT85KJl:bryb8SMbKkQEShZNU40iqS9USgTw0irX

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Creates new service(s)

    • Stops running service(s)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks