Overview

overview

10

Static

static

3

RC7/RC7Boo...er.exe

windows10-1703-x64

10

RC7/README.txt

windows10-1703-x64

1

Resubmissions

07-07-2024 20:37

240707-zea5taxgnn 10

07-07-2024 20:35

240707-zczemazfkg 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RC7(1).zip

  • Size

    3.9MB

  • Sample

    240707-zea5taxgnn

  • MD5

    b6eeb3ed9e9d7f1a41d7a86f7e21ac09

  • SHA1

    aa8f0e96b3d5cc5795f37d1a178a1b34f9f81d73

  • SHA256

    b49390b4daf62f2820628045a3bc64db1d467e7ae435b56880c37dfa38d8888d

  • SHA512

    86d470d9cf3ca2418fccf9359c392c0411ddbc4374432e70f90e3566bcccac0852a7ff54aa4a8fa7b0c6f166ecf8d5a98e93585aed74ff42fe337a86e41f622b

  • SSDEEP

    98304:SUKRPGV3ekFvrFaqWcYwsKfv8FfttqHJqbkSTEy0FkogNCdu1KWPa79NL:ZKwOk5p+twsgWtUqbV50ysurm9t

Score
10/10
xmrigevasionexecutionminerpersistence

Malware Config

Targets

    • Target

      RC7/RC7Bootstrapper.exe

    • Size

      5.8MB

    • MD5

      8ec3d8c3b8b07773063179d1e7e4ba1e

    • SHA1

      ac62c0c58fe07f1ef2e248f792576b79f6ae8ba4

    • SHA256

      b7e907240e81346985c274a77b9ea36883fde7c4cfea40597ce0f40570477ef1

    • SHA512

      ff77016df3382cc8d3b6c87fb5cc6408b4da9d2964e444e983e3456f4bf84425b572e991aaa0cf788cd81db32bb9f33b1c87ce007e96ebbac720c775a64000e5

    • SSDEEP

      98304:PQ+jX+QNtsDF+bcV0ApzfA2wofnAStTN99QaQhd4s:P3Te+bRAps2ZfASb99JeKs

    Score
    10/10
    xmrigevasionexecutionminerpersistence

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner payload

      miner

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Drops file in Drivers directory

    • Stops running service(s)

      evasionexecution

    • Executes dropped EXE

    • Power Settings

      powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

      persistence

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1

    • Target

      RC7/README.txt

    • Size

      146B

    • MD5

      d89c2b5e54d4127a0815dad6967b0e1c

    • SHA1

      e949d9513826c403472c378bbfe3344ce0f4b563

    • SHA256

      c0d0a41628605437f669da659031d77755bcd8ef7e1f8b36e06498f5e39cc751

    • SHA512

      31cc894b84a2b235df148b4cfc7ad4466bf68b70235bcca82dc50388e5749880e60d6168cc516e071e17abead7a50527e23b6cc2b8f99a2bf656eebe9bcd21d9

    Score
    1/10
    behavioral2

MITRE ATT&CK Enterprise v15

Tasks