Resubmissions (submission time, ID, score)

  • 03/09/2024, 21:20  240903-z64ansycph  10
  • 03/09/2024, 21:20  240903-z63ddaycpg  10
  • 03/09/2024, 21:20  240903-z62rvaxdlj  10
  • 03/09/2024, 21:19  240903-z6bknaycmg  10
  • 03/09/2024, 21:17  240903-z41f1aycke  10
  • 03/09/2024, 18:34  240903-w7xbzavclb  10
  • 03/09/2024, 18:34  240903-w7wqfavcla  10
  • 03/09/2024, 18:34  240903-w7twvatbmn  10
  • 03/09/2024, 18:33  240903-w7mgrstblr  10
  • 03/09/2024, 18:33  240903-w69kxatbll  10

General

  • Target

    TEST POP.zip

  • Size

    3.7MB

  • MD5

    b933a7dfff54bc6a8a816f27b018f1d3

  • SHA1

    dee34a8d314f29aa8b57657425bec770f8264006

  • SHA256

    c5d5d86e51d8626be256fff486b4724275cf3b5532cd1d4ddfaeb9bdbdc172c2

  • SHA512

    fe0c9901dee867453d067dd14cb774985589744e4e79e7f0d10a7bfd53e069868f5101115eb3d9834f9aa7d5fc298a8912a45f0c0149f77d99e04d32bee465b5

  • SSDEEP

    98304:xsvYBDD+sOg66q67bDp51+re1aAA717SmESMy7dglIuJG3t:a0DKPg6i7bP1eSA71eRSMy7qIukd

Score
10/10

Malware Config

Signatures

  • XMRig Miner payload (2 IoCs)
  • Xmrig family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.
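The "Unsigned PE" signature above fires when a PE file carries no Authenticode signature. The following dependency-free header reader is an added example (not part of the sandbox report or its tooling) that performs the same check: it walks the DOS, COFF and optional headers and looks at the Security data directory, which is where a WIN_CERTIFICATE blob is referenced. It also reports the machine type and the OS version fields that feed tags such as "arch:x64"; that the report's "windows:6" / "windows:4" tags derive from MajorOperatingSystemVersion is an assumption, not something the report states. The two PE images it parses are synthetic headers built by build_minimal_pe64(), not the files listed in the report.

```python
"""Minimal PE reader: arch, OS version and Authenticode presence (added example)."""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4          # index of the Security entry in the data directory
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002     # Authenticode PKCS#7 SignedData
MACHINE_NAMES = {0x8664: "x64", 0x014C: "x86", 0xAA64: "arm64"}


def describe_pe(data: bytes) -> dict:
    """Parse DOS/COFF/optional headers and report arch, OS version and signature state."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, _nsec, _ts, _symp, _nsym, _opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x20B:        # PE32+ (64-bit)
        ndirs_off, dirs_off = opt + 108, opt + 112
    elif magic == 0x10B:      # PE32 (32-bit)
        ndirs_off, dirs_off = opt + 92, opt + 96
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)   # MajorOperatingSystemVersion/Minor
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]

    cert_off = cert_len = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # Unlike every other directory, the Security entry holds a raw file offset, not an RVA.
        cert_off, cert_len = struct.unpack_from(
            "<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)

    info = {
        "arch": MACHINE_NAMES.get(machine, f"{machine:#06x}"),
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": subsystem,
        "has_authenticode": False,   # what the "Unsigned PE" check keys on
        "cert_type": None,
    }
    if cert_len >= 8 and cert_off + cert_len <= len(data):
        dw_length, _revision, cert_type = struct.unpack_from("<IHH", data, cert_off)
        # A well-formed WIN_CERTIFICATE header must fit inside the directory's size.
        if 8 <= dw_length <= cert_len:
            info["has_authenticode"] = True
            info["cert_type"] = cert_type
    return info


def build_minimal_pe64(with_signature: bool) -> bytes:
    """Construct a synthetic PE32+ image (headers only, no sections) for testing."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                 # e_lfanew -> PE header right after DOS header
    ndirs = 16
    opt_size = 112 + 8 * ndirs
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, opt_size, 0x0022)   # AMD64, no sections
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B)                 # PE32+ magic
    struct.pack_into("<HH", opt, 40, 6, 0)                # OS version 6.0
    struct.pack_into("<H", opt, 68, 1)                    # IMAGE_SUBSYSTEM_NATIVE, as a driver would use
    struct.pack_into("<I", opt, 108, ndirs)               # NumberOfRvaAndSizes
    image = dos + b"PE\0\0" + coff + opt
    if with_signature:
        cert_off = len(image)
        body = b"\x30\x82\x00\x00"   # placeholder bytes standing in for the PKCS#7 DER; not a real signature
        blob = struct.pack("<IHH", 8 + len(body), 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + body
        struct.pack_into("<II", opt, 112 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, cert_off, len(blob))
        image = dos + b"PE\0\0" + coff + opt + blob
    return bytes(image)


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, describe_pe(fh.read()))
```

Presence of a WIN_CERTIFICATE only means a signature blob is attached; it says nothing about whether the PKCS#7 signature matches the image hash, whether the chain is trusted, or (for a kernel driver such as a .sys file) whether it satisfies the loader's driver-signing policy. Use a real verifier such as `signtool verify /v /pa` or PowerShell's `Get-AuthenticodeSignature` for that; the sandbox signature, like this script, only reports absence.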

Files

  • TEST POP.zip
    .zip
  • TEST POP/Start-Monero.bat
  • TEST POP/Start-Salvium.bat
  • TEST POP/Start-Zephyr.bat
  • TEST POP/WinRing0x64.sys
    .sys windows:6 windows x64 arch:x64
    MD5: d41fa95d4642dc981f10de36f4dc8cd7
    Panels (content not captured): Code Sign, Headers, Imports, Sections
  • TEST POP/xmrig.exe
    .exe windows:4 windows x64 arch:x64
    MD5: 0a60d98d529c56f82bfac35997fa6601
    Panels (content not captured): Headers, Imports, Sections