General
-
Target
e2cbf154467a2592dfa9e86d6563f0d0d07ac148140ab2eac81790e916b1c4fb.exe
-
Size
5.8MB
-
Sample
241014-sv3fns1gla
-
MD5
6c5765152f9720727f9693288b34a8b6
-
SHA1
eabde5cbe6cd8de622dab56e892cd5f7a7373143
-
SHA256
e2cbf154467a2592dfa9e86d6563f0d0d07ac148140ab2eac81790e916b1c4fb
-
SHA512
9ecedd98e13dd27a92025e6e58cebfdc4f578cc97a2fc0daa3d2e4b13de08bf1f36f00cdee8c0ffb7de203a116f915e5d5cd067d8d3954c00a8a4b8c6378ccf4
-
SSDEEP
98304:/YknE60QvK2disEKWIAN9rDUQ60m+E+3syUSIkJEhxfAF8p4ucb0hCH2:/xnh0sbErIYeQ3nEIsyU2Y48CSi
Static task
static1
Behavioral task
behavioral1
Sample
e2cbf154467a2592dfa9e86d6563f0d0d07ac148140ab2eac81790e916b1c4fb.exe
Resource
win7-20240708-en
Malware Config
Targets
-
-
Target
e2cbf154467a2592dfa9e86d6563f0d0d07ac148140ab2eac81790e916b1c4fb.exe
-
Size
5.8MB
-
MD5
6c5765152f9720727f9693288b34a8b6
-
SHA1
eabde5cbe6cd8de622dab56e892cd5f7a7373143
-
SHA256
e2cbf154467a2592dfa9e86d6563f0d0d07ac148140ab2eac81790e916b1c4fb
-
SHA512
9ecedd98e13dd27a92025e6e58cebfdc4f578cc97a2fc0daa3d2e4b13de08bf1f36f00cdee8c0ffb7de203a116f915e5d5cd067d8d3954c00a8a4b8c6378ccf4
-
SSDEEP
98304:/YknE60QvK2disEKWIAN9rDUQ60m+E+3syUSIkJEhxfAF8p4ucb0hCH2:/xnh0sbErIYeQ3nEIsyU2Y48CSi
-
XMRig Miner payload
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths and processes so that the dropped payload is not scanned.
-
Creates new service(s)
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-
Power Settings
powercfg controls all configurable power settings on a Windows system and can be abused to keep an infected host from sleeping, locking or shutting down, which keeps a payload such as a miner running.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
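The two signatures above describe behaviour, not a command line, so here is a small triage check that a responder could run over process-creation or script-block logs to flag the same two techniques. This is an added example and is not code from the report or the sandbox; the log lines are constructed for the example, and the command syntax it matches (`Add-MpPreference`/`Set-MpPreference` with `-ExclusionPath`, `-ExclusionExtension`, `-ExclusionProcess`, and `powercfg /x`, `powercfg /change` and `powercfg /h off`) is an assumption about the common forms, not a claim about what this particular sample ran.

```python
import re
from dataclasses import dataclass


@dataclass
class Finding:
    timestamp: str
    rule: str
    detail: str


# Constructed sample records (not from the report): "<timestamp> <image> <command line>".
SAMPLE_LOGS = [
    "2024-10-14T10:01:03Z powershell.exe powershell -nop -w hidden -c Add-MpPreference "
    "-ExclusionPath 'C:\\ProgramData\\svc' -ExclusionExtension '.exe' -ExclusionProcess 'svchost32.exe'",
    "2024-10-14T10:01:05Z powercfg.exe powercfg /x -standby-timeout-ac 0",
    "2024-10-14T10:01:05Z powercfg.exe powercfg /x -hibernate-timeout-ac 0",
    "2024-10-14T10:01:06Z powercfg.exe powercfg /x -monitor-timeout-ac 0",
    "2024-10-14T10:01:07Z powercfg.exe powercfg /h off",
    "2024-10-14T10:02:00Z powershell.exe powershell -c Get-Date",
    "2024-10-14T10:03:11Z powercfg.exe powercfg /l",
]

LOG_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<image>\S+)\s+(?P<cmd>.*)$")

# Defender exclusion cmdlets and the exclusion kinds they can add (assumed syntax).
MP_CMDLET = re.compile(r"\b(Add|Set)-MpPreference\b", re.IGNORECASE)
MP_EXCLUSION = re.compile(r"-Exclusion(Path|Extension|Process|IpAddress)\b", re.IGNORECASE)

# powercfg forms that zero a sleep/monitor/hibernate timeout or disable hibernation.
# Not covered: per-scheme changes via /setacvalueindex and similar, which are another route.
POWERCFG_TIMEOUT = re.compile(r"-(standby|monitor|hibernate)-timeout-(ac|dc)\s+0\b", re.IGNORECASE)
POWERCFG_CHANGE = re.compile(r"/change\s+(standby|monitor|hibernate)-timeout-(ac|dc)\s+0\b", re.IGNORECASE)
POWERCFG_HIBERNATE_OFF = re.compile(r"(/|-)h(ibernate)?\s+off\b", re.IGNORECASE)


def check_defender_exclusion(image: str, cmd: str):
    """Return a detail string if a PowerShell host adds Defender exclusions, else None."""
    if not re.search(r"(powershell|pwsh)(\.exe)?$", image, re.IGNORECASE):
        return None
    if not MP_CMDLET.search(cmd):
        return None
    kinds = sorted({m.group(1).lower() for m in MP_EXCLUSION.finditer(cmd)})
    if not kinds:
        return None
    return "Defender exclusion added: " + ", ".join(kinds)


def check_powercfg(image: str, cmd: str):
    """Return a detail string if powercfg is used to stop the host sleeping, else None."""
    if not re.search(r"powercfg(\.exe)?$", image, re.IGNORECASE):
        return None
    m = POWERCFG_TIMEOUT.search(cmd) or POWERCFG_CHANGE.search(cmd)
    if m:
        return f"{m.group(1).lower()} timeout on {m.group(2).upper()} set to 0"
    if POWERCFG_HIBERNATE_OFF.search(cmd):
        return "hibernation disabled"
    return None


def analyze(lines):
    """Run both checks over every parseable record and collect the findings in log order."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip records that do not fit the assumed layout
        ts, image, cmd = m.group("ts"), m.group("image"), m.group("cmd")
        detail = check_defender_exclusion(image, cmd)
        if detail:
            findings.append(Finding(ts, "defender_exclusion", detail))
        detail = check_powercfg(image, cmd)
        if detail:
            findings.append(Finding(ts, "powercfg_antisleep", detail))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOGS):
        print(f"{f.timestamp} [{f.rule}] {f.detail}")
```

On a real host the findings are worth confirming against current state: `Get-MpPreference` lists the exclusion paths, extensions and processes in effect, and `powercfg /q` shows the active power scheme values, so a zeroed timeout that no admin set is the corroborating artefact.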