General
Target: Krnl.rar
Size: 4.0MB
Sample: 240614-s6q7sa1aqr
MD5: 694249c201b5cc32127dddb34e4b8d0d
SHA1: f9e87459cf4431f4f6080400a91bd504812f167a
SHA256: 73b63a0da8648a81916cc2deadd07b9345ff7cf268f2a9a35c25b43fa3ba312a
SHA512: 5f40e40ff5e84f8c0082a0a711e8f86ec236d5c46279e303b046d8fb61e6e013a96019f0bcd092be8f9c8b6973ddf97438cd9bd19ea304774c89e18248c41d10
SSDEEP: 98304:fIplh+5HiooMepy5GWtOqucmYX7X1A2ca0T4+DdyzJIZ5CS9Ar7:GL+5HjnWgjjmYX5Axa0Tb4KCSSr7
Static task: static1
Behavioral task: behavioral1
Sample: Krnl.exe
Resource: win7-20240508-en
Malware Config

Targets
Target: Krnl.exe
Size: 5.3MB
MD5: 4570ebfb64c5e9660e0fe27877adae01
SHA1: a4a9e2218828cd81ab77791154801e87b0f6a099
SHA256: aa16c6dac9061821fb5f8b99138fa21a9f031c0606789e36eeb8be9d274b823d
SHA512: 3c65deaf97f1af90e13d9a56b0b34845171692be4aec48fda4170d8993e1af8aaed3c84e7f685ed13b973ea9bece24d96c07a961378b9aac3cb18ff0c0b19bad
SSDEEP: 98304:3bnKNOtQQDTL2bB5icVbv6lkI4w6I6LPhEGKu/6ZrrZVUkmnj:rnKNOWQD0B576q1w6VPhEG+ZrrZV/mj

- XMRig Miner payload
- Command and Scripting Interpreter: PowerShell
  Run PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Creates new service(s)
- Drops file in Drivers directory
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext