General
-
Target
9fe025cfa59856311516403021ff56b0N.exe
-
Size
6.6MB
-
Sample
240725-jk8ehawfpj
-
MD5
9fe025cfa59856311516403021ff56b0
-
SHA1
90b3de4357c4a07fe4de85130466a22d1a8ac0d5
-
SHA256
e8aa579faf816e6a59fb7a22f3b9881b3d1c847ab2637086215f6f1db4589a63
-
SHA512
bd196f35f934046205780c69e009a3e4f272c97a407d684626f2fc561051cac8d513695d7ed3e4ac444cbdf9cbceaaefcaaac589042600198ea41f35c4523e82
-
SSDEEP
196608:eAqjTpnhXlmyWCZNulPKQ8hY/Bkr/fOIT/+VdlBFKaz1:kfauN/HYOSIT/EVF9R
Malware Config
Targets
-
-
Target
9fe025cfa59856311516403021ff56b0N.exe
-
Size
6.6MB
-
MD5
9fe025cfa59856311516403021ff56b0
-
SHA1
90b3de4357c4a07fe4de85130466a22d1a8ac0d5
-
SHA256
e8aa579faf816e6a59fb7a22f3b9881b3d1c847ab2637086215f6f1db4589a63
-
SHA512
bd196f35f934046205780c69e009a3e4f272c97a407d684626f2fc561051cac8d513695d7ed3e4ac444cbdf9cbceaaefcaaac589042600198ea41f35c4523e82
-
SSDEEP
196608:eAqjTpnhXlmyWCZNulPKQ8hY/Bkr/fOIT/+VdlBFKaz1:kfauN/HYOSIT/EVF9R
Score10/10-
Beapy
Beapy is a python worm with crypto mining capabilities.
-
Mimikatz
mimikatz is an open source tool to dump credentials on Windows.
-
Contacts a large (5590) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Grants admin privileges
Uses net.exe to modify the user's privileges.
-
mimikatz is an open source tool to dump credentials on Windows
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Indicator Removal: Clear Persistence
Clear artifacts associated with previously established persistence like scheduletasks on a host.
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1Scheduled Task/Job
1Scheduled Task
1Persistence
Account Manipulation
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Account Manipulation
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Indicator Removal
1Clear Persistence
1