Behavioral task
behavioral1
Sample
7b2307e20f6fee98271392192e162f48b48ec59cba18a5937c109826f92ef4c9.exe
Resource
win7-20240704-en
General
-
Target
7b2307e20f6fee98271392192e162f48b48ec59cba18a5937c109826f92ef4c9
-
Size
1.8MB
-
MD5
a96f5714b1bfeb23d4ba931ca16b3fce
-
SHA1
02424ff8149513d59d6dd6cf06469894b54744de
-
SHA256
7b2307e20f6fee98271392192e162f48b48ec59cba18a5937c109826f92ef4c9
-
SHA512
a15e035ddf56b8154d5e80e122bdf1e96028a0f8fc4e7ceade009e5f988f801465b13c5bdcf982bb2c45fa0cb07b4adf18d5209b3bf3c34c0841c5d2bebdb923
-
SSDEEP
49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+Agr6KiG:BemTLkNdfE0pZrww
Malware Config
Signatures
-
KPOT Core Executable 1 IoCs
resource yara_rule sample family_kpot -
Kpot family
-
XMRig Miner payload 1 IoCs
resource yara_rule sample xmrig -
Xmrig family
-
resource yara_rule sample upx -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 7b2307e20f6fee98271392192e162f48b48ec59cba18a5937c109826f92ef4c9
Files
-
7b2307e20f6fee98271392192e162f48b48ec59cba18a5937c109826f92ef4c9.exe windows:6 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
Sections
UPX0 Size: 724KB - Virtual size: 3.0MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 272KB - Virtual size: 272KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.imports Size: 7KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE