General
-
Target
7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2
-
Size
1.8MB
-
Sample
240629-2mwslaybng
-
MD5
5a75711389bb58329c06e22d8beeab43
-
SHA1
20502828bdcb059a4e7f8fffc84258bf5811ab89
-
SHA256
7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2
-
SHA512
64589781424c749901316409c57f9c1f4019c36381dbcd1698fc0a32a5e40301cf35b12f997cf63a53a4b623285205dcc1a8789fb77885a620afda1cd34081cc
-
SSDEEP
49152:Lz071uv4BPMkHC0IlnASEx/z+cl8WNG/Wof:NABI
Malware Config
Targets
-
-
Target
7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2
-
Size
1.8MB
-
MD5
5a75711389bb58329c06e22d8beeab43
-
SHA1
20502828bdcb059a4e7f8fffc84258bf5811ab89
-
SHA256
7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2
-
SHA512
64589781424c749901316409c57f9c1f4019c36381dbcd1698fc0a32a5e40301cf35b12f997cf63a53a4b623285205dcc1a8789fb77885a620afda1cd34081cc
-
SSDEEP
49152:Lz071uv4BPMkHC0IlnASEx/z+cl8WNG/Wof:NABI
Score10/10-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
Detects executables containing URLs to raw contents of a Github gist
-
UPX dump on OEP (original entry point)
-
XMRig Miner payload
-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Powershell Invoke Web Request.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Legitimate hosting services abused for malware hosting/C2
-