Overview

overview

10

Static

static

10

798a5231ff...0N.exe

windows7-x64

10

798a5231ff...0N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    798a5231ff968ccfca30c6a41bb6d980N.exe

  • Size

    2.3MB

  • Sample

    240727-bryjwa1apc

  • MD5

    798a5231ff968ccfca30c6a41bb6d980

  • SHA1

    a8b7343d31168f72e9efff01c41816a4cbdfd52f

  • SHA256

    b3228f289c7ccdb6d609dae15e38848c4f2681a89541127541a9918edb9c4554

  • SHA512

    63f732827ca8e519499ee06ad882d32a7401eedc7317901aaa7be13c617b13615b76429d6ab00e1a0b6a8b1f17b0ed4f17f1588ff2eba4f52fb5fd329e3764a9

  • SSDEEP

    49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82g1Vr5s1PTWsuT9cb6VD:NABc

Score
10/10
xmrigexecutionminerupx

Malware Config

Targets

    • Target

      798a5231ff968ccfca30c6a41bb6d980N.exe

    • Size

      2.3MB

    • MD5

      798a5231ff968ccfca30c6a41bb6d980

    • SHA1

      a8b7343d31168f72e9efff01c41816a4cbdfd52f

    • SHA256

      b3228f289c7ccdb6d609dae15e38848c4f2681a89541127541a9918edb9c4554

    • SHA512

      63f732827ca8e519499ee06ad882d32a7401eedc7317901aaa7be13c617b13615b76429d6ab00e1a0b6a8b1f17b0ed4f17f1588ff2eba4f52fb5fd329e3764a9

    • SSDEEP

      49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82g1Vr5s1PTWsuT9cb6VD:NABc

    Score
    10/10
    xmrigexecutionminerupx

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner payload

      miner

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

      execution

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks