General

  • Target

    SecuriteInfo.com.Trojan.Siggen29.54948.7115.19193.exe

  • Size

    5.8MB

  • Sample

    241027-v66nkszfje

  • MD5

    c441be4f7fd0f07fdcf94657c624c3da

  • SHA1

    bedd1f5d2feb959599b370590f62f02cbb3d2d3f

  • SHA256

    47c6484dde4d9ca23a7667b1b71c5ed88d7cdd3dccf57485333ceda0153e5684

  • SHA512

    c753bfa2b84ea5dfc47dbe25b807af6dd7d79e53a780ef693052f0c5c774767ef5b277671b07c539132af11a56546de3dd18790ce3fb3c4f66ca63c6c17fd8ad

  • SSDEEP

    98304:wKDlzK2disEKWIAN9rDUQ60m+E+3syUSIkJEhxfAF8p4ucxJixyWB5TU7NTJN1uy:waFbErIYeQ3nEIsyU2Y48CBh5TjY

Malware Config

Targets

    • Target

      SecuriteInfo.com.Trojan.Siggen29.54948.7115.19193.exe

    • Size

      5.8MB

    • MD5

      c441be4f7fd0f07fdcf94657c624c3da

    • SHA1

      bedd1f5d2feb959599b370590f62f02cbb3d2d3f

    • SHA256

      47c6484dde4d9ca23a7667b1b71c5ed88d7cdd3dccf57485333ceda0153e5684

    • SHA512

      c753bfa2b84ea5dfc47dbe25b807af6dd7d79e53a780ef693052f0c5c774767ef5b277671b07c539132af11a56546de3dd18790ce3fb3c4f66ca63c6c17fd8ad

    • SSDEEP

      98304:wKDlzK2disEKWIAN9rDUQ60m+E+3syUSIkJEhxfAF8p4ucxJixyWB5TU7NTJN1uy:waFbErIYeQ3nEIsyU2Y48CBh5TjY

    • Xmrig family

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • XMRig Miner payload

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Creates new service(s)

    • Drops file in Drivers directory

    • Stops running service(s)

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Power Settings

      powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks