General

  • Target

    62132844dcf5ac32e3265849eb498d4e43fdb3662a18b1731f1389afee186774

  • Size

    2.7MB

  • Sample

    240804-18ssdsyalk

  • MD5

    190b320811bf07e08c63691b0d9efba2

  • SHA1

    e051fabb5ca2137dc4027da677452f411e83669f

  • SHA256

    62132844dcf5ac32e3265849eb498d4e43fdb3662a18b1731f1389afee186774

  • SHA512

    45b65d81083d7f9add115acf84cca913d665a839e66692169d1e52c3a4f5be6dd6b8b201e065a89fd9d00023dbb768584f6a3da83f6f6088e6a72afb6f779900

  • SSDEEP

    49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82g1Vr5s1PTleLWrJ5O2:NABD

Malware Config

Targets

    • Detects Strela Stealer payload

    • Strela stealer

      An info stealer targeting mail credentials, first seen in late 2022.

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks