General

  • Target

    f60f192f9a126ffd2dcfb77a01248a80N

  • Size

    2.6MB

  • Sample

    240907-wt77baxcnq

  • MD5

    f60f192f9a126ffd2dcfb77a01248a80

  • SHA1

    4ae64f5ce7eb525778159e0feebb1c2ac91e7258

  • SHA256

    1e05f614858d46092a20dcccf7cf9a898c342ea22b1f4bdddf15848e08ac5342

  • SHA512

    75323b203343834eba1ceac07983d95224871cfdedb0cc0c95b9f2920984b8e3265ab99331067068ddfa09a81f888d282c98f1c6f25e8d586345eca0a2f79688

  • SSDEEP

    49152:TkBwfviiCBKaOw0K/6E6nQ6qYJuMF2t4s9Y7pfWSdcaJG48lDXF49Nrp:TkBjXYaOwX6E2TqiuO7s9YISdjNuDX

Malware Config

Targets

    • Target

      f60f192f9a126ffd2dcfb77a01248a80N

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Stops running service(s)

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Power Settings

      powercfg controls all configurable power settings on a Windows system and can be abused to prevent an infected host from locking, sleeping, or shutting down.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks