General

  • Target: iexplore.exe
  • Size: 3.4MB
  • Sample: 241025-kznjbaycpk
  • MD5: 0aedbc463f80287995ce4dfb15d4f462
  • SHA1: 52dc33c02c89c0d4856318e269d05f1c528c7b67
  • SHA256: 567a887b5afe544c00a412cdddb308169bdb3dce7c777689e346cf1875ce324f
  • SHA512: 63692faacb32d35c9720ed5c54f41c4e0ec05ca96fe328cacf018c4cc44985594e2cacd2ab8ce8183ebd46b69b134402f7b1846d0a526e50d083bff1d53b318a
  • SSDEEP: 98304:Hz/V5usnMKNZ7aFRjMC8gsFnWmHXKG4HF1QY:Hz/ruFAcdqd1aGoF13

Targets

    • Target: iexplore.exe (size and hashes as listed under General)

    • Disables service(s)
    • xmrig: XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.
    • XMRig Miner payload
    • Stops running service(s)
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
    • Deletes itself
    • Executes dropped EXE
    • Loads dropped DLL
    • Checks whether UAC is enabled
    • UPX packed file: detects executables packed with the UPX (or a modified UPX) open-source packer.

MITRE ATT&CK Enterprise v15