General

  • Target

    5eb50813f6091760128206f474ea0770f962553a1041e45e9125072cc4e07859

  • Size

    1.9MB

  • Sample

    240614-1v6r4axfkb

  • MD5

    cd7d5db8af538c14d7879b9054d33297

  • SHA1

    1a8a1e04b431af555c324e0e4425d7a16824522a

  • SHA256

    5eb50813f6091760128206f474ea0770f962553a1041e45e9125072cc4e07859

  • SHA512

    695b5ff38822bfc0fc22a0fa3815144a4621171d5cf18e16c82aa9a01a0f1b6738851bf61f1d441862d89d639076209c697361ff8a1e6c2e595b451159d6b0a5

  • SSDEEP

    24576:zv3/fTLF671TilQFG4P5PMkibTJH+2Q/ynKeWYKpGncHBN/Vx+hZW0VGeE5l7NGv:Lz071uv4BPMkibTIA5CJJeefw

Malware Config

Targets

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • Detects executables containing URLs to the raw contents of a GitHub gist

    • UPX dump on OEP (original entry point)

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX.

    • Legitimate hosting services abused for malware hosting/C2
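
The signatures above are static checks a triager can reproduce locally before touching the sample dynamically. The following script is an added example, not part of this report or of any sandbox's own code: it recomputes the hashes listed under General and compares them with the reported values, walks the PE section table for the UPX0/UPX1 section names and the "UPX!" marker that stock UPX leaves behind (a modified UPX may rename these, so absence proves nothing), extracts gist raw-content URLs from both ASCII and UTF-16LE strings, and looks for Invoke-WebRequest (and its iwr alias). The PE image and the embedded strings are constructed inline for the demonstration; the gist URL shape is an assumption about how such URLs normally look.

```python
import hashlib
import re
import struct

# Hashes copied from the General section of this report.
REPORTED_HASHES = {
    "md5": "cd7d5db8af538c14d7879b9054d33297",
    "sha1": "1a8a1e04b431af555c324e0e4425d7a16824522a",
    "sha256": "5eb50813f6091760128206f474ea0770f962553a1041e45e9125072cc4e07859",
    "sha512": "695b5ff38822bfc0fc22a0fa3815144a4621171d5cf18e16c82aa9a01a0f1b67"
              "38851bf61f1d441862d89d639076209c697361ff8a1e6c2e595b451159d6b0a5",
}

# Assumed URL shape: gist.github.com or gist.githubusercontent.com, user, hex id, /raw[/...].
GIST_RAW_RE = re.compile(
    r"https?://gist\.github(?:usercontent)?\.com/[\w.-]+/[0-9a-f]+/raw(?:/[^\s\"'<>\x00]*)?"
)
# Invoke-WebRequest and its built-in alias iwr.
PS_DOWNLOAD_RE = re.compile(r"\bInvoke-WebRequest\b|\biwr\b", re.IGNORECASE)


def file_hashes(data: bytes) -> dict:
    """Compute the same digest set the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORTED_HASHES}


def matches_reported(data: bytes) -> dict:
    """Per-algorithm comparison against the reported values."""
    computed = file_hashes(data)
    return {name: computed[name] == REPORTED_HASHES[name] for name in REPORTED_HASHES}


def pe_section_names(data: bytes) -> list:
    """Return section names from the PE section table, or [] if this is not a parseable PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_header_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_header_size  # section table follows the optional header
    names = []
    for i in range(num_sections):
        off = table + 40 * i  # IMAGE_SECTION_HEADER is 40 bytes, name is the first 8
        if off + 8 > len(data):
            break
        names.append(data[off:off + 8].rstrip(b"\0"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Heuristic: UPX0/UPX1 section names or the UPX! header marker. Renamed variants evade this."""
    return any(n.startswith(b"UPX") for n in pe_section_names(data)) or b"UPX!" in data


def extract_strings(data: bytes) -> list:
    """ASCII view plus both UTF-16LE alignments, so wide strings are found regardless of offset."""
    return [
        data.decode("latin-1"),
        data.decode("utf-16-le", errors="ignore"),
        data[1:].decode("utf-16-le", errors="ignore"),
    ]


def find_gist_raw_urls(data: bytes) -> list:
    urls = set()
    for text in extract_strings(data):
        urls.update(GIST_RAW_RE.findall(text))
    return sorted(urls)


def has_powershell_download(data: bytes) -> bool:
    return any(PS_DOWNLOAD_RE.search(text) for text in extract_strings(data))


def triage(data: bytes) -> dict:
    return {
        "hash_match": matches_reported(data),
        "upx_packed": looks_upx_packed(data),
        "gist_raw_urls": find_gist_raw_urls(data),
        "powershell_download": has_powershell_download(data),
    }


def build_fake_pe(section_names: list) -> bytes:
    """Constructed minimal PE: DOS stub, COFF header with no optional header, then the section table."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew -> PE header right after the DOS header
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0)
    sections = b"".join(name.ljust(8, b"\0") + b"\0" * 32 for name in section_names)
    return bytes(dos) + coff + sections


# Constructed sample: UPX section names, the UPX! marker, an ASCII gist URL and a wide cmdlet name.
CONSTRUCTED_SAMPLE = (
    build_fake_pe([b".text", b"UPX0", b"UPX1"])
    + b"UPX!"
    + b"https://gist.githubusercontent.com/someuser/3f2a9c/raw/payload.ps1\x00\x00"
    + "Invoke-WebRequest".encode("utf-16-le")
)

if __name__ == "__main__":
    import json
    print(json.dumps(triage(CONSTRUCTED_SAMPLE), indent=2))
```

Run it against the real file by replacing CONSTRUCTED_SAMPLE with the file's bytes; only a full hash match confirms you hold the sample this report describes, and the UPX and string checks are indicators to unpack and confirm, not verdicts.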

MITRE ATT&CK Enterprise v15

Tasks