General

  • Target: a5dab42ef8275176b05ff880334499a63ddd0100f0edf809f37fb91103ebe273

  • Size: 3.1MB

  • Sample: 240610-s3aqmascnk

  • MD5: 0e0c28011373b45d78152c8d6a35e45c

  • SHA1: ee76cc78e34b2088ed281f873172d2189854a7d7

  • SHA256: a5dab42ef8275176b05ff880334499a63ddd0100f0edf809f37fb91103ebe273

  • SHA512: fd7be8b1247bf546cc5e7ec2cf789f52b7affd4e8ace615b3a846f02fc0f7df9be6bcf83cd3fc054b2c7d40d594e3d7b7c52f17c7e3964f4a47027cb1a8f5a64

  • SSDEEP: 98304:71ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHrW+:7bBeSFkS

Targets

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • Detects executables containing URLs to raw contents of a GitHub gist

    • UPX dump on OEP (original entry point)

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks