General

  • Target

    b1636448566aac1928012498d260aae0b3e354a66e658a441f3601dae2ce9f0e

  • Size

    2.4MB

  • Sample

    241110-b8gmpaxblg

  • MD5

    203224c1e15dd121ef53d0d2ca3e4528

  • SHA1

    d48368e00aee219bfd7819df3508c0b056c4f2dd

  • SHA256

    b1636448566aac1928012498d260aae0b3e354a66e658a441f3601dae2ce9f0e

  • SHA512

    7db1e267863169ccd9c65c4e5d07e2b453830ecb9ce61f5c2580898dbf3ab500a7a5ae5732d0e9099f437bd37bc4f291fdb4894fe1bc0b1515a4ada9199f95ee

  • SSDEEP

    49152:QrWh7oYkqiiVJb8njS6EUn8zwnTxREgdlzAYn+BYH:Qc/4q8ESlz9

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • XMRig Miner payload

    • Xmrig family

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Download via BitsAdmin

    • Executes dropped EXE

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15