General

  • Target

    3b366e903186a2e400c280953ede8330.exe

  • Size

    1.9MB

  • Sample

    240706-d83w2avcpj

  • MD5

    3b366e903186a2e400c280953ede8330

  • SHA1

    9ec45425e717a2917d118f4c6e7e0963bfc0f904

  • SHA256

    6b23e3de471ec0d4ac537562df0476ffb018ee8c11d6cf5713034f79f3f337ae

  • SHA512

    08d289342988a4eaf9551798a3c173a07103be8d1839047c5cf108cea8d665ef564208dc3bdb11bd93c8e19a6ecd5ec9cf513b1d3c428992950c13fced3a6a29

  • SSDEEP

    24576:zv3/fTLF671TilQFG4P5PMkFfkeMGvGr1t4oAirbNI/TQ9f27dvapbkUmyJeBqFi:Lz071uv4BPMkFfdk2a2yKmkUDeGtYj

Malware Config

Targets

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks