General

  • Target

    a074f13421954fe7e4a87b68d23179df440cc15b0aa3019752fdbece9379d9e7

  • Size

    5.8MB

  • Sample

    241027-sev2nawnfm

  • MD5

    190e68a764f232fa236a23317f80892b

  • SHA1

    a37b9e226334bc69abaacb539fb7ba9722831a76

  • SHA256

    a074f13421954fe7e4a87b68d23179df440cc15b0aa3019752fdbece9379d9e7

  • SHA512

    34c5d7d35a639a2c6ea183ad808a10bc0adaebf806975f6949da119c1d90c50f065b3d238a0bd6b7159394fe39a0322590fe229cae73f7c9cc393e721449c0a2

  • SSDEEP

    98304:ICAKtK2disEKWIAN9rDUQ60m+E+3syUSIkJEhxfAF8p4ucmEyVHNJdNOD5A:I7ObErIYeQ3nEIsyU2Y48CeHxNV

Targets

    • Xmrig family

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Creates new service(s)

    • Drops file in Drivers directory

    • Stops running service(s)

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Power Settings

      powercfg controls all configurable power settings on a Windows system and can be abused to keep an infected host from locking or shutting down.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

MITRE ATT&CK Enterprise v15