General
Target: c7eaff9d735d8eef42c73be4c093f7b31cf7d0df18c98d135eb915c13409d077.exe
Size: 3.8MB
Sample: 241107-yxq4ba1jcn
MD5: f6814a59c53218b84eb943ef07fcb74c
SHA1: 27aa1ad8dbe7040e9ba2a1499ef4ce0117728f6d
SHA256: c7eaff9d735d8eef42c73be4c093f7b31cf7d0df18c98d135eb915c13409d077
SHA512: 41c09fdde4db7c074eeddb16a4a1716aa40e27b32cff2ce3cb0b466a357edd30d4390d6832bfe021f49638bc0bdd6697141cab6b67f7d58fd5f06efbfabc6264
SSDEEP: 98304:fyzs10ZzmBarm735MyHkWKA7kFCQi7MahHr5Gt40JY8:fyQfBamD5QM7Mms4ah
Static task: static1
Behavioral task: behavioral1
  Sample: c7eaff9d735d8eef42c73be4c093f7b31cf7d0df18c98d135eb915c13409d077.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: c7eaff9d735d8eef42c73be4c093f7b31cf7d0df18c98d135eb915c13409d077.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted: http://k2ygoods.ydns.eu/power.txt
Targets
Target: c7eaff9d735d8eef42c73be4c093f7b31cf7d0df18c98d135eb915c13409d077.exe
Signatures
- XMRig Miner payload
- Xmrig family
- Blocklisted process makes network request
- Modifies Windows Firewall
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
  Create or Modify System Process (1)
    Windows Service (1)
  Event Triggered Execution (1)
    Netsh Helper DLL (1)
Privilege Escalation
  Create or Modify System Process (1)
    Windows Service (1)
  Event Triggered Execution (1)
    Netsh Helper DLL (1)