General
-
Target
SecuriteInfo.com.Win32.CoinminerXgen.22200.11178
-
Size
242KB
-
Sample
240704-vwmsqascqc
-
MD5
a3f767e76c8c6baa9a154d576c7ba49d
-
SHA1
c9a2479bd372fd3ae569b67fc132eac6d5ad9ef0
-
SHA256
eb9a9a49e21219cdc673eb0b3266c2f4c2a759df7c17f4c19ede70e1d5b01dc5
-
SHA512
6e567b6dab41a56eb777a06644e1f6ba0d80131ebcd03443e3b526ef5f7dfaaa3f41ee175a26e976d1b6deef4967d677ec71f87cc63a26559e39e1a6c46042ab
-
SSDEEP
6144:94OlpLX5KTcVgpod/a3gctM7lresEobLr49+I:igX5Pg2dC3ft+wsEobLr49j
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Win32.CoinminerXgen.22200.exe
Resource
win7-20240419-en
Malware Config
Extracted
xenorat
dns.dobiamfollollc.online
Solid_rat_nd8889g
-
delay
61000
-
install_path
appdata
-
port
1283
-
startup_name
bns
Targets
-
-
Target
SecuriteInfo.com.Win32.CoinminerXgen.22200.11178
-
Size
242KB
-
MD5
a3f767e76c8c6baa9a154d576c7ba49d
-
SHA1
c9a2479bd372fd3ae569b67fc132eac6d5ad9ef0
-
SHA256
eb9a9a49e21219cdc673eb0b3266c2f4c2a759df7c17f4c19ede70e1d5b01dc5
-
SHA512
6e567b6dab41a56eb777a06644e1f6ba0d80131ebcd03443e3b526ef5f7dfaaa3f41ee175a26e976d1b6deef4967d677ec71f87cc63a26559e39e1a6c46042ab
-
SSDEEP
6144:94OlpLX5KTcVgpod/a3gctM7lresEobLr49+I:igX5Pg2dC3ft+wsEobLr49j
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-