General

  • Target

    ef17609407251ea015673a7b7401f75f1002e2c09c57f87f26673e6483b0221cN

  • Size

    2.0MB

  • Sample

    241027-g2qjxaslhk

  • MD5

    e00ed59cfc11b9867d52d6542d29ed60

  • SHA1

    e8dec15efa7455f629342563fd06b726041c79a6

  • SHA256

    ef17609407251ea015673a7b7401f75f1002e2c09c57f87f26673e6483b0221c

  • SHA512

    38afe3ce9e1ea2ed61b904844a97664e1df5d10382326c5e7a1a61cde838ccd51510ee5d0d01377c9685efd46686d1a0ac88767101a42d9957021b97df14c6ca

  • SSDEEP

    24576:zv3/fTLF671TilQFG4P5PMkUCCWvLEvjFkTVnfuDPFFWqreoYtgW+hVkVoC2NCNt:Lz071uv4BPMkHC0IEFToF3aWlClO4D

Malware Config

Targets

    • Target

      ef17609407251ea015673a7b7401f75f1002e2c09c57f87f26673e6483b0221cN

    • Size

      2.0MB

    • MD5

      e00ed59cfc11b9867d52d6542d29ed60

    • SHA1

      e8dec15efa7455f629342563fd06b726041c79a6

    • SHA256

      ef17609407251ea015673a7b7401f75f1002e2c09c57f87f26673e6483b0221c

    • SHA512

      38afe3ce9e1ea2ed61b904844a97664e1df5d10382326c5e7a1a61cde838ccd51510ee5d0d01377c9685efd46686d1a0ac88767101a42d9957021b97df14c6ca

    • SSDEEP

      24576:zv3/fTLF671TilQFG4P5PMkUCCWvLEvjFkTVnfuDPFFWqreoYtgW+hVkVoC2NCNt:Lz071uv4BPMkHC0IEFToF3aWlClO4D

    • Xmrig family

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks