General

  • Target

    8c85440c62921c5f13105c06800d48d7c65094ae3dd54ecb8377fcc6f03cb503N

  • Size

    5.2MB

  • Sample

    241025-1gk88ssmel

  • MD5

    28507e76251d6b17e4ad52e570ea7430

  • SHA1

    b6ba870480bd4af5dae35e5dfaff7e2ae5724722

  • SHA256

    8c85440c62921c5f13105c06800d48d7c65094ae3dd54ecb8377fcc6f03cb503

  • SHA512

    eed4196ba21515365321049494a169160ce93551c58b36a136966598613b1e06cd0c6356843639d369be42db36514b9abbe0981ab57873c324c41e9fa1a00bc7

  • SSDEEP

    98304:Pe3+ZPTVjEdQELHktz69IGel/Rt+P2kdLYP70pywaa5FooIOzJpDRHqYd+OPxU12:P8+Wbkz69PelZQ5LF6oFlpNxdRq1mcu

Malware Config

Targets

    • Target

      8c85440c62921c5f13105c06800d48d7c65094ae3dd54ecb8377fcc6f03cb503N

    • Size

      5.2MB

    • MD5

      28507e76251d6b17e4ad52e570ea7430

    • SHA1

      b6ba870480bd4af5dae35e5dfaff7e2ae5724722

    • SHA256

      8c85440c62921c5f13105c06800d48d7c65094ae3dd54ecb8377fcc6f03cb503

    • SHA512

      eed4196ba21515365321049494a169160ce93551c58b36a136966598613b1e06cd0c6356843639d369be42db36514b9abbe0981ab57873c324c41e9fa1a00bc7

    • SSDEEP

      98304:Pe3+ZPTVjEdQELHktz69IGel/Rt+P2kdLYP70pywaa5FooIOzJpDRHqYd+OPxU12:P8+Wbkz69PelZQ5LF6oFlpNxdRq1mcu

    • Xmrig family

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • XMRig Miner payload

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Stops running service(s)

    • Power Settings

      powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks