Overview

overview

10

Static

static

10

397c15beb0...0N.exe

windows7-x64

10

397c15beb0...0N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    397c15beb003e3bc9161d21e65051a20N

  • Size

    1.9MB

  • Sample

    240911-slwlrsxgmf

  • MD5

    397c15beb003e3bc9161d21e65051a20

  • SHA1

    5530d95199fa631fa6ee14faeb261411533e7fa6

  • SHA256

    788632b6b844effa85487c036d9e63df51812ef7365a907e8c5d7fae758c8bf4

  • SHA512

    1008781fcdacd73e33fa91667b15258599ebadb72178d18e8ede6e80565208864327a2f5b34c5e43639ff183f54a5e5db8acdf0b0bb27c1bc41e612fafc17335

  • SSDEEP

    24576:zv3/fTLF671TilQFG4P5PMkFfkeMlNIZbElhzBXeCnfJCwCc4MAKFpMlyapbhcy4:Lz071uv4BPMkFfdgIZohteLM0hjGV

Score
10/10
xmrigexecutionminerupx

Malware Config

Targets

    • Target

      397c15beb003e3bc9161d21e65051a20N

    • Size

      1.9MB

    • MD5

      397c15beb003e3bc9161d21e65051a20

    • SHA1

      5530d95199fa631fa6ee14faeb261411533e7fa6

    • SHA256

      788632b6b844effa85487c036d9e63df51812ef7365a907e8c5d7fae758c8bf4

    • SHA512

      1008781fcdacd73e33fa91667b15258599ebadb72178d18e8ede6e80565208864327a2f5b34c5e43639ff183f54a5e5db8acdf0b0bb27c1bc41e612fafc17335

    • SSDEEP

      24576:zv3/fTLF671TilQFG4P5PMkFfkeMlNIZbElhzBXeCnfJCwCc4MAKFpMlyapbhcy4:Lz071uv4BPMkFfdgIZohteLM0hjGV

    Score
    10/10
    xmrigexecutionminerupx

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner payload

      miner

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

      execution

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks