General

  • Target

    658a6a072efe4e110cf1bcacb8361192b3d62387fab0fbc294eed6903568b144N

  • Size

    3.9MB

  • Sample

    241027-nw2hjsvng1

  • MD5

    413ae52d8a8a3882bb45176d2253b8d0

  • SHA1

    3b213febf0f9e83f16ea3ad6794edecc3de70afc

  • SHA256

    658a6a072efe4e110cf1bcacb8361192b3d62387fab0fbc294eed6903568b144

  • SHA512

    44c484930978adbd67946fe36d4d8209e7235b8eb669f60b1a2617b95f55a589bc73fc696c0100dad0e9950edab09c6154675605e74e04bccd52899d38f19b58

  • SSDEEP

    98304:/MDtIXLr06AdfEThF35PzuFW+Wu+cT17Ykmc8TMGbTiK7TLeLT+4mT+4HnNhNB/U:prmEdF35+CiXzjx

Malware Config

Targets

    • Xmrig family

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

MITRE ATT&CK Enterprise v15

Tasks