Overview

overview

10

Static

static

10

4b1137c965...35.exe

windows7-x64

10

4b1137c965...35.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4b1137c965714aacb03de2bb9c6e4b5c91e0bad54f7b35912f0e2fa63fbd7035

  • Size

    3.1MB

  • Sample

    240806-z96j7svcpc

  • MD5

    3761e2cd3eb61af40442bc4eb1d23fc1

  • SHA1

    6a5ff3b74b8c3689495b8b66425abb254e8e7b51

  • SHA256

    4b1137c965714aacb03de2bb9c6e4b5c91e0bad54f7b35912f0e2fa63fbd7035

  • SHA512

    caafae185d0b0c1a2ea2801c92246a4f27601ba18e0171a452fc38c1d6874448fcdd0adc6b70ccc2c0a3b326e76f8f2cf7d87ee33da5183f7e4bfb16270b5405

  • SSDEEP

    98304:71ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHrW2:7bBeSFky

Score
10/10
xmrigexecutionminerupx

Malware Config

Targets

    • Target

      4b1137c965714aacb03de2bb9c6e4b5c91e0bad54f7b35912f0e2fa63fbd7035

    • Size

      3.1MB

    • MD5

      3761e2cd3eb61af40442bc4eb1d23fc1

    • SHA1

      6a5ff3b74b8c3689495b8b66425abb254e8e7b51

    • SHA256

      4b1137c965714aacb03de2bb9c6e4b5c91e0bad54f7b35912f0e2fa63fbd7035

    • SHA512

      caafae185d0b0c1a2ea2801c92246a4f27601ba18e0171a452fc38c1d6874448fcdd0adc6b70ccc2c0a3b326e76f8f2cf7d87ee33da5183f7e4bfb16270b5405

    • SSDEEP

      98304:71ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHrW2:7bBeSFky

    Score
    10/10
    xmrigexecutionminerupx

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner payload

      miner

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

      execution

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks