General
Target: ICBM.exe
Size: 2.6MB
Sample: 241114-ca8tysskct
MD5: 13c55871a7000d181dcc71db3e39ba56
SHA1: 25acaf5c1050152516afce0f691603f6afcd576c
SHA256: a3976438abc4e9b6f3e522cdcb7f8abed3056179bbf0513572629e0ea4e01232
SHA512: 0c8e1ba8e0d78539b9065a4cc8ec650878fb7125b9da4756fdd4a92c7b263765deda10adce47c35eda66c955e2c2ad496bcd36a9f003a032f51e5fb212efddef
SSDEEP: 49152:urwg7CJ8rSq4+igi2a9JNFmfRBTBmBvUFMgLpDCLshMygC9mClFOy:2wqmvB2MW0
Static task: static1
Malware Config
Targets
Target: ICBM.exe (2.6MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
Signatures
- XMRig Miner payload
- Xmrig family
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Download via BitsAdmin
- Event Triggered Execution: Image File Execution Options Injection
- Modifies file permissions
- Power Settings
  powercfg controls all configurable power settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15 (count of matching signatures in parentheses)
Execution
- Command and Scripting Interpreter (1): PowerShell (1)
- Scheduled Task/Job (1): Scheduled Task (1)
Persistence
- BITS Jobs (1)
- Create or Modify System Process (1): Windows Service (1)
- Event Triggered Execution (1): Image File Execution Options Injection (1)
- Power Settings (1)
- Scheduled Task/Job (1): Scheduled Task (1)
Privilege Escalation
- Create or Modify System Process (1): Windows Service (1)
- Event Triggered Execution (1): Image File Execution Options Injection (1)
- Scheduled Task/Job (1): Scheduled Task (1)
Defense Evasion
- BITS Jobs (1)
- File and Directory Permissions Modification (1)
- Impair Defenses (1): Disable or Modify Tools (1)
- Modify Registry (1)