General

  • Target

    9bf4b234405bc11dce86e0a058f03bd0N.exe

  • Size

    1.6MB

  • Sample

    240723-lmw6cszdrn

  • MD5

    9bf4b234405bc11dce86e0a058f03bd0

  • SHA1

    ab6cd055881798d10c26364d531be581bc65268a

  • SHA256

    a730a80e53bcb14fcfd71e8becdfc7d2008888c66917b65e6dbee41cf2ef28f1

  • SHA512

    615ef14bb22174fc89745345bc2e11211c2c90f8f23a3225881a2df69913fd59ead17c8fc67fe2cb9040ce5f4e11095bc38ca63dd5245696064e6dc40c133296

  • SSDEEP

    24576:zv3/fTLF671TilQFG4P5PMkibTJH+2Q/ynKeWYKpGncHBN/VPwa/eebVs4:Lz071uv4BPMkibTIA5CJ31

Malware Config

Targets

    • Target

      9bf4b234405bc11dce86e0a058f03bd0N.exe

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks