General

  • Target

    2b802b7304801eb3fdca4be12536fd1f08b61037e128036c79241847eba9d202

  • Size

    2.9MB

  • Sample

    240614-yp5xhaxejk

  • MD5

    647a49e67f76031495b791520cd04acd

  • SHA1

    62f9dea8c50342815ce2e9165377693f36b379f4

  • SHA256

    2b802b7304801eb3fdca4be12536fd1f08b61037e128036c79241847eba9d202

  • SHA512

    c00e37df2718e8607defaf321dbd59af9f421826e747a7c58e35c77803321397e6b866922826bdf7e10f06d212df1e1f500bfbb3f8b7d1bdde29642b8080e09f

  • SSDEEP

    49152:71G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkHC0I6Gz3N1p3EU:71ONtyBeSFkXV1etEKLlWUTOfeiRA2Rr

Targets

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • Detects executables containing URLs to the raw contents of a GitHub gist

    • UPX dump on OEP (original entry point)

    • XMRig Miner payload

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15