General

  • Target

    8acc25494e2bb0d2dab3d3cdda79dffb25d8ed251a6a0854b6dd255d6c5321aa

  • Size

    3.2MB

  • Sample

    240610-rvq7zazdqk

  • MD5

    4d4c125bde84e3c5c3d4580812f3c0e4

  • SHA1

    8a4402c7a3cde828892a115d2722c931dfe2aec8

  • SHA256

    8acc25494e2bb0d2dab3d3cdda79dffb25d8ed251a6a0854b6dd255d6c5321aa

  • SHA512

    293b33c48888f4c444160e57fc39d43eb84827a6b1abdad038706b58d5c10f25772a69e8c9ff751aed8f2a1eceba50296d4f48500cc481ec83803053c0d2db66

  • SSDEEP

    98304:71ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHrW8:7bBeSFkw

Targets

    • Target

      8acc25494e2bb0d2dab3d3cdda79dffb25d8ed251a6a0854b6dd255d6c5321aa

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • Detects executables containing URLs to the raw contents of a GitHub gist

    • UPX dump on OEP (original entry point)

    • XMRig Miner payload

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Legitimate hosting services abused for malware hosting/C2
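
The static checks behind three of the signatures above (file hashes, UPX packer markers, URLs to raw gist contents) can be reproduced offline. The following is an added example written for this page, not code from the sandbox or from the sample's author: it recomputes the hash set the report lists, looks for the UPX section names and packer magic, and scans both ASCII and UTF-16LE strings for gist raw-content URLs. REPORT_SHA256 is the SHA256 printed above; SAMPLE is a constructed byte string standing in for a packed executable, and the gist user and id inside it are invented. SSDEEP is not recomputed because it needs the third-party ssdeep module.

```python
"""Static triage of a suspect binary against the indicators in this report.

Added example, not part of the sandbox report. SAMPLE is a constructed
stand-in for a UPX-packed PE; the gist user/id in it are invented.
"""
import hashlib
import re

# SHA256 of the sample analysed in this report (copied from the report).
REPORT_SHA256 = "8acc25494e2bb0d2dab3d3cdda79dffb25d8ed251a6a0854b6dd255d6c5321aa"

# Section names UPX writes into the PE section table plus the "UPX!" packer
# header magic. A modified UPX build may rename these, so absence is not proof.
UPX_MARKERS = (b"UPX0", b"UPX1", b"UPX2", b"UPX!")

# Raw gist content is served from gist.githubusercontent.com, or through
# gist.github.com/<user>/<id>/raw.
GIST_RAW = re.compile(
    r"https?://(?:gist\.githubusercontent\.com/[\w\-./]+"
    r"|gist\.github\.com/[\w\-./]+/raw(?:/[\w\-./]*)?)"
)

# Constructed stand-in for a packed PE: UPX section names, the packer magic,
# one ASCII gist URL and one UTF-16LE gist URL (Windows binaries often store
# wide strings), surrounded by filler bytes. The user and gist id are invented.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 60
    + b"UPX0\x00\x00\x00\x00UPX1\x00\x00\x00\x00.rsrc\x00\x00\x00"
    + b"\x00" * 16 + b"UPX!" + b"\x0d\x09\x02\x0a"
    + b"\x00" * 16
    + b"https://gist.githubusercontent.com/example-user/0123456789abcdef/raw/payload.txt\x00"
    + b"\x00" * 8
    + "https://gist.github.com/example-user/0123456789abcdef/raw".encode("utf-16le")
    + b"\x00\x00" + b"\xcc" * 32
)


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256/SHA512 hex digests, the same set the report lists."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def upx_markers(data: bytes) -> list:
    """UPX markers present in the file, in a fixed order (UPX signature)."""
    return [m.decode("ascii") for m in UPX_MARKERS if m in data]


def _printable_strings(data: bytes, min_len: int = 8):
    """Yield ASCII and UTF-16LE strings of at least min_len characters."""
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data):
        yield m.group().decode("ascii")
    for m in re.finditer(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data):
        yield m.group().decode("utf-16le")


def find_gist_raw_urls(data: bytes) -> list:
    """URLs to raw gist contents, deduplicated, in order of first appearance."""
    found = []
    for s in _printable_strings(data):
        for m in GIST_RAW.finditer(s):
            if m.group() not in found:
                found.append(m.group())
    return found


def triage(data: bytes) -> dict:
    """Combine the static checks into one verdict dictionary."""
    hashes = file_hashes(data)
    return {
        "hashes": hashes,
        "is_reported_sample": hashes["sha256"] == REPORT_SHA256,
        "upx_markers": upx_markers(data),
        "gist_urls": find_gist_raw_urls(data),
    }


if __name__ == "__main__":
    import json
    import sys
    # Pass a file path to triage a real file; with no argument use SAMPLE.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    print(json.dumps(triage(blob), indent=2))
```

The marker scan is a heuristic in the same spirit as the sandbox's UPX signature: a renamed section table or a stripped "UPX!" header defeats it, which is why the report also relies on the dynamic "UPX dump on OEP" signature rather than static markers alone.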

MITRE ATT&CK Enterprise v15
