Overview

overview

10

Static

static

3

Release/dl...ed.dll

windows11-21h2-x64

1

Release/loader.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Release.rar

  • Size

    37.4MB

  • Sample

    240715-s2wayazhnb

  • MD5

    050f8a0271b995d32019c0c08a43cf41

  • SHA1

    2e99201dc20df565b5d2c3a6178f924b53a72a52

  • SHA256

    5c0a9b754b17c068462ad39692c24cd79570203ef1da2aa5470c3db33f0f87b9

  • SHA512

    78e6d129117f7530b142bcd2d829d3ca8c10740d1ec3903e322583f8b2ec5de5754934f5e4a3b3e6e4d48148cc64c7fad2db38ce9633679027a070b1d7259d26

  • SSDEEP

    786432:nOP90ogsUat0H2YqYSPr8X5dlCr1ZJMCVVDVc5VXwzFo2ZcYfrM:OPiiYqjPEK1kCVVDqb04

Score
10/10
xmrigevasionexecutionminerpersistencepyinstallerupx

Malware Config

Targets

    • Target

      Release/dlls/fortnite_undetected.dll

    • Size

      609KB

    • MD5

      81b84eebbfa9bdadc4f657863ce35e7c

    • SHA1

      c3be75fdc41791679cf073ba652123b63d26c416

    • SHA256

      a3d2ffc09ef0582cd4e72cd2117cf647a190d2bfb8dc3f36dd6ad72a3161c155

    • SHA512

      8127427064f5695c349ce69838a6916c6f792192a5e692eff8f53fdaa4943f4245d173c95838b10e91542bd264f9638f869fb76669b2af8be2e134687545a073

    • SSDEEP

      12288:U4sF+HRf6NFkPcFn00xygoLOk1nqMYqRg7SUqN9z:I+xf6cPcFnBsLOk1nqMJbUsl

    Score
    1/10
    behavioral1

    • Target

      Release/loader.exe

    • Size

      38.0MB

    • MD5

      b61aa7f007f4d56b0638abfcd9a5df4e

    • SHA1

      b58600ad6f8c44c6f1953b6de31f002318cc53f1

    • SHA256

      83ffb625219bd357151df767150728180f0e362c11e56820eaa31ad90a2ae87c

    • SHA512

      4d47833de9634937935d6e1cc368259b0c85d79d221090fc338fa60ed104afeaf900941f207f971c415fe654b4d04d19ed92f2e81139bee52c449815e05e38f9

    • SSDEEP

      786432:1waM5TIb9dn18GCdS/EW9u8m9GG+K+PoBY0sLvZu7DM:BM5Q91uGCE/EYu14PK+Pj0m+

    Score
    10/10
    xmrigevasionexecutionminerpersistencepyinstallerupx

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner payload

      miner

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Creates new service(s)

      persistenceexecution

    • Stops running service(s)

      evasionexecution

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral2

MITRE ATT&CK Enterprise v15

Tasks