General

  • Target

    5680f283072ab5a204e58734f1abc857c13d4cbe1d5fefd69200732b51ca7d65

  • Size

    3.0MB

  • Sample

    240614-1j5qnaxblc

  • MD5

    6922be2b05b74df9292d2194f15e5e80

  • SHA1

    5ff7b9e43d82712f7957c2d01632f2194e46b882

  • SHA256

    5680f283072ab5a204e58734f1abc857c13d4cbe1d5fefd69200732b51ca7d65

  • SHA512

    80e791031aa9850017498b3738b311a2e85fd21a6fdc8ef409fb326e2d6abc7bdddb9a3fc9eebac8f408c3d516eb74126f81fe00da23ddcb6b0b949049f15e82

  • SSDEEP

    49152:71G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkFfdk2a2yKmktEy:71ONtyBeSFkXV1etEKLlWUTOfeiRA2Ro

Malware Config

Targets

    • Target

      5680f283072ab5a204e58734f1abc857c13d4cbe1d5fefd69200732b51ca7d65

    • Size

      3.0MB

    • MD5

      6922be2b05b74df9292d2194f15e5e80

    • SHA1

      5ff7b9e43d82712f7957c2d01632f2194e46b882

    • SHA256

      5680f283072ab5a204e58734f1abc857c13d4cbe1d5fefd69200732b51ca7d65

    • SHA512

      80e791031aa9850017498b3738b311a2e85fd21a6fdc8ef409fb326e2d6abc7bdddb9a3fc9eebac8f408c3d516eb74126f81fe00da23ddcb6b0b949049f15e82

    • SSDEEP

      49152:71G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkFfdk2a2yKmktEy:71ONtyBeSFkXV1etEKLlWUTOfeiRA2Ro

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • Detects executables containing URLs to raw contents of a Github gist

    • UPX dump on OEP (original entry point)

    • XMRig Miner payload

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks