General

  • Target

    loader.exe

  • Size

    56.5MB

  • Sample

    241027-pl59esvqfs

  • MD5

    cb5704b35d6f1420581b825a8faee883

  • SHA1

    966b5157bd954ca13385db782b39ed56c5a52b9e

  • SHA256

    6cf2cd2b186c6d10c081cb5afe7689d52b3ccc3da937c920718724c26573946a

  • SHA512

    7276ed0bf256bc9895712c5de6d8c25851d867c62b2688d44e7cbd3ef63eeee0774345e3221665e3fb8e5a24343d7c45dafac7e308b1a67db24d8afab0ce91cb

  • SSDEEP

    786432:brZMUVo6ix6I/AXpORG0zC5lYSI0yhRaJ9r3uXSr7dcS1Se34sey66TM0Mg0G+/c:bAwIcpIGsERI0puXSr7qS1eGsO+/QD

Malware Config

Targets

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Xmrig family

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • XMRig Miner payload

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks