General
-
Target
54aca051538907e89ac57a1ef45d6c8d46b63e5b2adaed98115b8f6defd19012
-
Size
5.3MB
-
Sample
240614-1ft5raxalc
-
MD5
908046dcd50169990b30b01280924d9a
-
SHA1
2c53447516ff30261359b829bc65ad9dd9bd4b2c
-
SHA256
54aca051538907e89ac57a1ef45d6c8d46b63e5b2adaed98115b8f6defd19012
-
SHA512
bf9adeef9250138e0f1581b5fe4c643e2cc659d14b44b9f4087371f676fe699ad6056e8161b3788429491cece5799e219988ce6fdd99a1e89ed62fff644a3c05
-
SSDEEP
98304:34Gr/W2hRkTwVNt6MkTi+XAVd18EjU6+cVX6IwUu:3jr/TMwVNtaP4KEjl6S
Static task
static1
Behavioral task
behavioral1
Sample
54aca051538907e89ac57a1ef45d6c8d46b63e5b2adaed98115b8f6defd19012.exe
Resource
win7-20240508-en
Malware Config
Targets
UPX dump on OEP (original entry point)
-
XMRig Miner payload
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Creates new service(s)
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-