General

  • Target

    WinS.zip

  • Size

    4.2MB

  • Sample

    241027-mswmfsvjcl

  • MD5

    07cf4aa9a4301aa1d5239a5a71b9e748

  • SHA1

    ac5c1e8d35d39916df486f9b360c642f9c925b7f

  • SHA256

    795d0a91a62da5707248580ac1dad46701a693925572f091107227272d354ee5

  • SHA512

    3b5f64f77107a6ffa3f65785974435d91cc38f2651a463c31492ec265c4dbd6a6eb89a964cd3127bf2ae915dda6ee717c559577460a3983871f62673f46f4658

  • SSDEEP

    98304:DFe7NaiwolmCpJ2O39a254dL0vjX5MkbIIfKPq7kk/E98:A74oEi2O3M86L0b5FvfKPGLG8

Score
10/10

Malware Config

Targets

    • Target

      WinS/WinRing0x64.sys

    • Size

      14KB

    • MD5

      0c0195c48b6b8582fa6f6373032118da

    • SHA1

      d25340ae8e92a6d29f599fef426a2bc1b5217299

    • SHA256

      11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5

    • SHA512

      ab28e99659f219fec553155a0810de90f0c5b07dc9b66bda86d7686499fb0ec5fddeb7cd7a3c5b77dccb5e865f2715c2d81f4d40df4431c92ac7860c7e01720d

    • SSDEEP

      192:nqjKhp+GQvzj3i+5T9oGYJh1wAoxhSF6OOoe068jSJUbueq1H2PIP0:qjKL+v/y+5TWGYOf2OJ06dUb+pQ

    Score
    1/10

    • Target

      WinS/wd.bat

    • Size

      383B

    • MD5

      479988fe0741ba53d6682562377fbee6

    • SHA1

      b56e82fe314d82adbb8f50c1669eda87e4a6a7e1

    • SHA256

      490c8ef0d7aa7daa4255ff0792e4ba8d5edad5e2f8ab032da1ac77019a207146

    • SHA512

      5fe6e34f13cb63dc9ceee13546d02b2d0c024668a30d35047fa44791481e8845c9fa4e05da64f7b5724ed8ac8b15f4e48c6f7c14b4e93dea6d1e690bc9cde0c2

    Score
    8/10

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Target

      WinS/wmpnetwk.exe

    • Size

      323KB

    • MD5

      beceae2fdc4f7729a93e94ac2ccd78cc

    • SHA1

      47c112c23c7bdf2af24a20bd512f91ff6af76bc6

    • SHA256

      f689ee9af94b00e9e3f0bb072b34caaf207f32dcb4f5782fc9ca351df9a06c97

    • SHA512

      073f5ae0d4ffedb5edb3b92b8e19bea2c482a3ad7ab02ed71955d3e55aa44a297307fe4334d28c6f7683cb02d40b4313e560c9049507b16a8c5d6ee0a0f0071f

    • SSDEEP

      6144:yejl5QCuDlXW4+DiErv2yKU9pclGrDkXNBe:vl5QCKdW4+DiNlXNBe

    Score
    1/10

    • Target

      WinS/xcopy.exe

    • Size

      4.1MB

    • MD5

      8b2bee1b859c3a85195f639a6365609f

    • SHA1

      415ee3c194ca9243bee87cb2c4e95de5e9ac9758

    • SHA256

      5a496193f23e27ee2b8609cdfec370ab7aeed05983ca851ef8502196ee0e1c18

    • SHA512

      b9df2cb6ffe1a6288fc6969ecb0db5bd70805f57b7c4e699ff3a60f106ef61beaaff4848eae623d03b3c255fc9dcc9804e09001ced050816e5303c21a641ea79

    • SSDEEP

      98304:EOr3T+fANpnZpbmysbqxoCRS7BKtztkpOhJ64F7bN2N9a6nX:EODyYNpPrsbqxoCUVK9tkpOjbRbUa6nX

    Score
    10/10

    • Xmrig family

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks