General

  • Target

    558a74638838f572697035c1168dcff0eee86af4a5e2560c2effe2b2740f75bf

  • Size

    5.3MB

  • Sample

    240614-1htxrs1bnr

  • MD5

    e2edf694effccd15fc2af2cfa9deadc9

  • SHA1

    10d8532ca58a1c409d4fd7ea3f20b256e4454777

  • SHA256

    558a74638838f572697035c1168dcff0eee86af4a5e2560c2effe2b2740f75bf

  • SHA512

    50e04c0382469ae7aef22d2339d99107ba46858e10d221660df5e7bdb20c69bef6a675d4acdd1c124cc9b7c8d9fb9ac3ee8297bb771646ad19abcad2970bd900

  • SSDEEP

    98304:34Gr/W2hRkTwVNt6MkTi+XAVd18EjU6+cVX6IwUu:3jr/TMwVNtaP4KEjl6S

Malware Config

Targets

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • UPX dump on OEP (original entry point)

    • XMRig Miner payload

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Creates new service(s)

    • Stops running service(s)

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks