Overview

overview

10

Static

static

10

4b777130f1...2c.exe

windows7-x64

10

4b777130f1...2c.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4b777130f1683dc8c751a5d2aa88be9ef1169e8c5c7b59055b8995e5f302df2c

  • Size

    1.8MB

  • Sample

    240629-zt5mzazbpj

  • MD5

    2c1c12df3c48ac0ec8660f04ad474a40

  • SHA1

    bab6fa9c9d271da5ecdfe1424cb297a3e385a1d1

  • SHA256

    4b777130f1683dc8c751a5d2aa88be9ef1169e8c5c7b59055b8995e5f302df2c

  • SHA512

    432eeaff2ebb23adb507cd277d5b13d5cad7386cacdd8c3eee806779506c3ccb1cb5ec87d5ed1e53f9c2dad08c833e2cdd7541f728e7d8a7278d348e727ff2cb

  • SSDEEP

    24576:zv3/fTLF671TilQFG4P5PMkFfkeMlN675EgEPgsU5qTqOk0t2MPnt4Jh/eFVHf+0:Lz071uv4BPMkFfdg6NsTt2MPTHfbh77

Score
10/10
xmrigexecutionminerupx

Malware Config

Targets

    • Target

      4b777130f1683dc8c751a5d2aa88be9ef1169e8c5c7b59055b8995e5f302df2c

    • Size

      1.8MB

    • MD5

      2c1c12df3c48ac0ec8660f04ad474a40

    • SHA1

      bab6fa9c9d271da5ecdfe1424cb297a3e385a1d1

    • SHA256

      4b777130f1683dc8c751a5d2aa88be9ef1169e8c5c7b59055b8995e5f302df2c

    • SHA512

      432eeaff2ebb23adb507cd277d5b13d5cad7386cacdd8c3eee806779506c3ccb1cb5ec87d5ed1e53f9c2dad08c833e2cdd7541f728e7d8a7278d348e727ff2cb

    • SSDEEP

      24576:zv3/fTLF671TilQFG4P5PMkFfkeMlN675EgEPgsU5qTqOk0t2MPnt4Jh/eFVHf+0:Lz071uv4BPMkFfdg6NsTt2MPTHfbh77

    Score
    10/10
    xmrigexecutionminerupx

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner payload

      miner

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

      execution

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks