General
-
Target
loader.exe
-
Size
56.5MB
-
Sample
241027-pl59esvqfs
-
MD5
cb5704b35d6f1420581b825a8faee883
-
SHA1
966b5157bd954ca13385db782b39ed56c5a52b9e
-
SHA256
6cf2cd2b186c6d10c081cb5afe7689d52b3ccc3da937c920718724c26573946a
-
SHA512
7276ed0bf256bc9895712c5de6d8c25851d867c62b2688d44e7cbd3ef63eeee0774345e3221665e3fb8e5a24343d7c45dafac7e308b1a67db24d8afab0ce91cb
-
SSDEEP
786432:brZMUVo6ix6I/AXpORG0zC5lYSI0yhRaJ9r3uXSr7dcS1Se34sey66TM0Mg0G+/c:bAwIcpIGsERI0puXSr7qS1eGsO+/QD
Static task
static1
Behavioral task
behavioral1
Sample
loader.exe
Resource
win7-20240903-en
Malware Config
Targets
-
-
Target
loader.exe
-
Size
56.5MB
-
MD5
cb5704b35d6f1420581b825a8faee883
-
SHA1
966b5157bd954ca13385db782b39ed56c5a52b9e
-
SHA256
6cf2cd2b186c6d10c081cb5afe7689d52b3ccc3da937c920718724c26573946a
-
SHA512
7276ed0bf256bc9895712c5de6d8c25851d867c62b2688d44e7cbd3ef63eeee0774345e3221665e3fb8e5a24343d7c45dafac7e308b1a67db24d8afab0ce91cb
-
SSDEEP
786432:brZMUVo6ix6I/AXpORG0zC5lYSI0yhRaJ9r3uXSr7dcS1Se34sey66TM0Mg0G+/c:bAwIcpIGsERI0puXSr7qS1eGsO+/QD
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Xmrig family
-
XMRig Miner payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
2PowerShell
2Scheduled Task/Job
1Scheduled Task
1System Services
1Service Execution
1Persistence
Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Scheduled Task
1