28c665278cb244896fb360cc5d2a773b0b75c4a334075ec6462e426a5ab91908 | Triage

Sharing

General

Target

xr miner.exe
Size

29.8MB
Sample

240919-jbfm5axcnb
MD5

8c6ef23e59af6beccf80a34d46d352e4
SHA1

51db51ccb62843de50d22726f75be98742f166d4
SHA256

28c665278cb244896fb360cc5d2a773b0b75c4a334075ec6462e426a5ab91908
SHA512

3e1fc68353dbef2c073bb146df16aebfb1b180754e4af30c21b846e77739f298458d84c7e180680b9d6e95f2d8c9f3517d609efca2c8f8fd0e619106c72d03f8
SSDEEP

393216:dUhODqcltF1nEyaT+lYiUoxvC36/9xIyADAm+dfy5vN1fJhxUXpFWZ6Pys9HaF+X:dDqstzNs+SihxLQA+vN1CXKUDiSlUTa

Score

8^/10

execution

Malware Config

Targets

- Target
  
  xr miner.exe
- Size
  
  29.8MB
- MD5
  
  8c6ef23e59af6beccf80a34d46d352e4
- SHA1
  
  51db51ccb62843de50d22726f75be98742f166d4
- SHA256
  
  28c665278cb244896fb360cc5d2a773b0b75c4a334075ec6462e426a5ab91908
- SHA512
  
  3e1fc68353dbef2c073bb146df16aebfb1b180754e4af30c21b846e77739f298458d84c7e180680b9d6e95f2d8c9f3517d609efca2c8f8fd0e619106c72d03f8
- SSDEEP
  
  393216:dUhODqcltF1nEyaT+lYiUoxvC36/9xIyADAm+dfy5vN1fJhxUXpFWZ6Pys9HaF+X:dDqstzNs+SihxLQA+vN1CXKUDiSlUTa
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Executes dropped EXE
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1