Overview

overview

10

Static

static

10

0255ea7ccc...18.exe

windows7-x64

10

0255ea7ccc...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0255ea7ccc083d43bf0260cf505fc86a_JaffaCakes118

  • Size

    2.2MB

  • Sample

    240727-3cgrcstgqq

  • MD5

    0255ea7ccc083d43bf0260cf505fc86a

  • SHA1

    56115a9ff389f7225571e1e2996ff0d5b6845200

  • SHA256

    8cfb2e45c2327c63237eafd49a902c83ea9e65e100e5fc9e58d20663e8ea1870

  • SHA512

    657ad031ef581f4c7d046582c004916166c201664ecbfe14c5621933981b245620d9c5d2d05ea15a4e94e340e15db29f1ab3e0dec6a3f5e706bda7a8e32195fd

  • SSDEEP

    49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82g1Vr5s1PTWsuT9c9g:NABy

Score
10/10
xmrigexecutionminerupx

Malware Config

Targets

    • Target

      0255ea7ccc083d43bf0260cf505fc86a_JaffaCakes118

    • Size

      2.2MB

    • MD5

      0255ea7ccc083d43bf0260cf505fc86a

    • SHA1

      56115a9ff389f7225571e1e2996ff0d5b6845200

    • SHA256

      8cfb2e45c2327c63237eafd49a902c83ea9e65e100e5fc9e58d20663e8ea1870

    • SHA512

      657ad031ef581f4c7d046582c004916166c201664ecbfe14c5621933981b245620d9c5d2d05ea15a4e94e340e15db29f1ab3e0dec6a3f5e706bda7a8e32195fd

    • SSDEEP

      49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82g1Vr5s1PTWsuT9c9g:NABy

    Score
    10/10
    xmrigexecutionminerupx

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner payload

      miner

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

      execution

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks