Overview

overview

10

Static

static

3

ICBM.exe

windows7-x64

1

ICBM.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ICBM.exe

  • Size

    2.4MB

  • Sample

    241101-hk611awpbx

  • MD5

    3dfd4a0c8e6c5568c338777ccc6fc37e

  • SHA1

    58ad52f683e605c371fbe493b077b4c3ebbe24e2

  • SHA256

    8c7c91623a101b7607bf30acb8f6794411f366c538ba807687aaefba831754f4

  • SHA512

    9a7b47107bbfbaa0a1e1377a35d5b9caf448ca1645a0c51807d81327ec5d6a5eb7c7b606ba54abbcfc2677c2ea7a414176ec26eda584a71b30c68330e64204b6

  • SSDEEP

    49152:g5B1OWKqu3Keth/qx5yzjTv9u1KRrbY2mdBO0XRlh1:A/UytDdT1

Score
10/10
xmrigdropperevasionexecutionminertrojan

Malware Config

Targets

    • Target

      ICBM.exe

    • Size

      2.4MB

    • MD5

      3dfd4a0c8e6c5568c338777ccc6fc37e

    • SHA1

      58ad52f683e605c371fbe493b077b4c3ebbe24e2

    • SHA256

      8c7c91623a101b7607bf30acb8f6794411f366c538ba807687aaefba831754f4

    • SHA512

      9a7b47107bbfbaa0a1e1377a35d5b9caf448ca1645a0c51807d81327ec5d6a5eb7c7b606ba54abbcfc2677c2ea7a414176ec26eda584a71b30c68330e64204b6

    • SSDEEP

      49152:g5B1OWKqu3Keth/qx5yzjTv9u1KRrbY2mdBO0XRlh1:A/UytDdT1

    Score
    10/10
    xmrigdropperevasionexecutionminertrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • XMRig Miner payload

      miner

    • Xmrig family

      xmrig

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Download via BitsAdmin

      dropper

    • Executes dropped EXE

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks