General

  • Target

    a27e7f5dd1a63c9bbf2ab3f416bc54cee7c14b578a4f2405b6a4420cdc0ff3a8

  • Size

    1.8MB

  • Sample

    240610-sx1pvssaqr

  • MD5

    078611755d10e68c06739a0faf9845e7

  • SHA1

    8d16755153b41350a6f9ed8223e84faadcf8a26b

  • SHA256

    a27e7f5dd1a63c9bbf2ab3f416bc54cee7c14b578a4f2405b6a4420cdc0ff3a8

  • SHA512

    e72488354bbdfcc118fadf05ba6a2d12158ede03b036ee325b3b816fc18d31ef35bbcd9518e0a1aabca8e9a9a5e1f64e16f791cd2006b63e63f0c4f7d37901ff

  • SSDEEP

    24576:zv3/fTLF671TilQFG4P5PMkyW1HU/ek5Q1szp5OaD8VAEDzfJykmA3deeJGzsQJ:Lz071uv4BPMkyW10/w16clf53ddw

Malware Config

Targets

    • Target

      a27e7f5dd1a63c9bbf2ab3f416bc54cee7c14b578a4f2405b6a4420cdc0ff3a8

    • Size

      1.8MB

    • MD5

      078611755d10e68c06739a0faf9845e7

    • SHA1

      8d16755153b41350a6f9ed8223e84faadcf8a26b

    • SHA256

      a27e7f5dd1a63c9bbf2ab3f416bc54cee7c14b578a4f2405b6a4420cdc0ff3a8

    • SHA512

      e72488354bbdfcc118fadf05ba6a2d12158ede03b036ee325b3b816fc18d31ef35bbcd9518e0a1aabca8e9a9a5e1f64e16f791cd2006b63e63f0c4f7d37901ff

    • SSDEEP

      24576:zv3/fTLF671TilQFG4P5PMkyW1HU/ek5Q1szp5OaD8VAEDzfJykmA3deeJGzsQJ:Lz071uv4BPMkyW10/w16clf53ddw

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • Detects executables containing URLs to raw contents of a Github gist

    • UPX dump on OEP (original entry point)

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks