Extracted

• • Target

    Epic Games Account Two-Factor backup codes (6).txt

  • Size

    100B

  • MD5

    72d5b1bc0b38a088b20c8d72ed5481fd

  • SHA1

    0334c28bc4f1301866d7c656317edbf3f4b5ab52

  • SHA256

    b5c6d3a52dae40266c81a0907c5cf26881ad0c8821e0b6128f08ae9aee3dacad

  • SHA512

    8026a4797bba9aa3e02a017f27eea45d00e69648276f16764058b78965dfb9faaa49be9586491711033fa4e26edf7e06f8b7fa207dc58a1773fe551caca01047

  Score

  10^/10

  phemedronexmrigevasionexecutionminerpersistencespywarestealerupx

  • Phemedrone

    An information and wallet stealer written in C#.

    stealerphemedrone

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig

  • XMRig Miner payload

    miner

  • Command and Scripting Interpreter: PowerShell

    Using powershell.exe command.

    execution

  • Creates new service(s)

    persistenceexecution

  • Drops file in Drivers directory

  • Stops running service(s)

    evasionexecution

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Legitimate hosting services abused for malware hosting/C2

  • Power Settings

    powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

    persistence

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1