General
-
Target
d0ff3e93d1366c4ae8cd462d08056db0N.exe
-
Size
6.6MB
-
Sample
240715-nr5peavblq
-
MD5
d0ff3e93d1366c4ae8cd462d08056db0
-
SHA1
90fbbd99da6bab4ca2c728d6c4da41be51f08a83
-
SHA256
e03ab01060dd8d35e4221ab806074d8e02c7d491e658b5a155b8d807df8598ec
-
SHA512
b05b56fa12701929e302e5d9d04831f99d9359150f49464aa813b2508117697db4c88c27a4cd7128ee9eda0d39291e292af59716ce7a5e46dcc70e0a265c9f78
-
SSDEEP
196608:eAqjTpnhXlmyWCZNulPKQ8hY/Bkr/fOIT/+VdlBFKaza:kfauN/HYOSIT/EVF92
Malware Config
Targets
-
-
Target
d0ff3e93d1366c4ae8cd462d08056db0N.exe
-
Size
6.6MB
-
MD5
d0ff3e93d1366c4ae8cd462d08056db0
-
SHA1
90fbbd99da6bab4ca2c728d6c4da41be51f08a83
-
SHA256
e03ab01060dd8d35e4221ab806074d8e02c7d491e658b5a155b8d807df8598ec
-
SHA512
b05b56fa12701929e302e5d9d04831f99d9359150f49464aa813b2508117697db4c88c27a4cd7128ee9eda0d39291e292af59716ce7a5e46dcc70e0a265c9f78
-
SSDEEP
196608:eAqjTpnhXlmyWCZNulPKQ8hY/Bkr/fOIT/+VdlBFKaza:kfauN/HYOSIT/EVF92
Score10/10-
Beapy
Beapy is a python worm with crypto mining capabilities.
-
Mimikatz
mimikatz is an open source tool to dump credentials on Windows.
-
Contacts a large (5590) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Grants admin privileges
Uses net.exe to modify the user's privileges.
-
mimikatz is an open source tool to dump credentials on Windows
-
Modifies Windows Firewall
-
Loads dropped DLL
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1Scheduled Task/Job
1Scheduled Task
1Persistence
Account Manipulation
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1