General
-
Target
c3d40cac8d3aa617a2aff36083aac9199cc782d77890d04cd6a39d46117ed80a
-
Size
5.1MB
-
Sample
240630-b6r1mssale
-
MD5
8b8118653ea068069324944323dc01f2
-
SHA1
5984d8ab702c79484f8389d0858ef343ce1dbd2d
-
SHA256
c3d40cac8d3aa617a2aff36083aac9199cc782d77890d04cd6a39d46117ed80a
-
SHA512
2adb5105bb540998ea008233c787ee2c6362f8e0a1c2fb9504db4225a38ca14adda6fbd2bb1f42f8946d6ae92d9705e331223fb1fd7af5473177acabc761aabd
-
SSDEEP
98304:Pe3+ZPTVjEdQELHktz69IGel/Rt+P2kdLYP70pywaa5FooIOzJpDRHqYd+OPxU12:P8+Wbkz69PelZQ5LF6oFlpNxdRq1mcu
Static task
static1
Behavioral task
behavioral1
Sample
c3d40cac8d3aa617a2aff36083aac9199cc782d77890d04cd6a39d46117ed80a.exe
Resource
win7-20240220-en
Malware Config
Targets
-
XMRig Miner payload
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Power Settings
powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext