General
-
Target
f751a533c9b74e296086f726155e0b4b5b4b339e771318b0abe6255ddba04094N
-
Size
5.5MB
-
Sample
241025-xh78lstbkb
-
MD5
88d4f016499352c4c85a23f2a4bfd990
-
SHA1
b8644cefd7655ff33792628373921a219b913cbd
-
SHA256
f751a533c9b74e296086f726155e0b4b5b4b339e771318b0abe6255ddba04094
-
SHA512
92ffaa7cd9a0c7ce831d0b99b43a4b0507a5dfbd65aa0357c6129fc1cfeaf0493bdfb626d2637b1a747e22e300cbbd8d0e268ea22b41726d601e26714720a3fc
-
SSDEEP
98304:KggSZTFznDHwE8oohoIgNgx+r3P4jw4fn9E32RW0O2gT/gQGhP3oFL6p4kvDZ/Hn:DgSZJznDHMo+JgNgx+r3P+e32BO2gjgj
Static task
static1
Behavioral task
behavioral1
Sample
f751a533c9b74e296086f726155e0b4b5b4b339e771318b0abe6255ddba04094N.exe
Resource
win7-20240903-en
Malware Config
Targets
-
-
Target
f751a533c9b74e296086f726155e0b4b5b4b339e771318b0abe6255ddba04094N
-
Size
5.5MB
-
MD5
88d4f016499352c4c85a23f2a4bfd990
-
SHA1
b8644cefd7655ff33792628373921a219b913cbd
-
SHA256
f751a533c9b74e296086f726155e0b4b5b4b339e771318b0abe6255ddba04094
-
SHA512
92ffaa7cd9a0c7ce831d0b99b43a4b0507a5dfbd65aa0357c6129fc1cfeaf0493bdfb626d2637b1a747e22e300cbbd8d0e268ea22b41726d601e26714720a3fc
-
SSDEEP
98304:KggSZTFznDHwE8oohoIgNgx+r3P4jw4fn9E32RW0O2gT/gQGhP3oFL6p4kvDZ/Hn:DgSZJznDHMo+JgNgx+r3P+e32BO2gjgj
-
Xmrig family
-
XMRig Miner payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Creates new service(s)
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Power Settings
powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-