General

  • Target: 43262d98d82da281f1aab59dee4733ff0529ba497ef2654d65fed2e46bfacc00

  • Size: 1.7MB

  • Sample: 240614-zp22aazaml

  • MD5: 23c849ed374bbc0eb8cc14b6011fb313

  • SHA1: 521b5bfe9c8cf7651f48545ba2baee4a27436494

  • SHA256: 43262d98d82da281f1aab59dee4733ff0529ba497ef2654d65fed2e46bfacc00

  • SHA512: 01d3f3a98c432f73d37523ded2d3e736b0be81546b170756f2bd17cef478460102d45bfb4dfa0e68ec930bb8ce384a08cf2cb279cf36362edd7f09e5e44488e0

  • SSDEEP: 24576:zv3/fTLF671TilQFG4P5PMkFfkeMGvGr1t46xKMp6rdwwvi/XqwJclBVvNX:Lz071uv4BPMkFfdk2afGwwvChEv

Malware Config

Targets


    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • Detects executables containing URLs to raw contents of a Github gist

    • UPX dump on OEP (original entry point)

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks