General

  • Target

    ICBM.exe

  • Size

    2.6MB

  • Sample

    241114-ca8tysskct

  • MD5

    13c55871a7000d181dcc71db3e39ba56

  • SHA1

    25acaf5c1050152516afce0f691603f6afcd576c

  • SHA256

    a3976438abc4e9b6f3e522cdcb7f8abed3056179bbf0513572629e0ea4e01232

  • SHA512

    0c8e1ba8e0d78539b9065a4cc8ec650878fb7125b9da4756fdd4a92c7b263765deda10adce47c35eda66c955e2c2ad496bcd36a9f003a032f51e5fb212efddef

  • SSDEEP

    49152:urwg7CJ8rSq4+igi2a9JNFmfRBTBmBvUFMgLpDCLshMygC9mClFOy:2wqmvB2MW0

Malware Config

Targets

    • Target

      ICBM.exe

    • Size

      2.6MB

    • MD5

      13c55871a7000d181dcc71db3e39ba56

    • SHA1

      25acaf5c1050152516afce0f691603f6afcd576c

    • SHA256

      a3976438abc4e9b6f3e522cdcb7f8abed3056179bbf0513572629e0ea4e01232

    • SHA512

      0c8e1ba8e0d78539b9065a4cc8ec650878fb7125b9da4756fdd4a92c7b263765deda10adce47c35eda66c955e2c2ad496bcd36a9f003a032f51e5fb212efddef

    • SSDEEP

      49152:urwg7CJ8rSq4+igi2a9JNFmfRBTBmBvUFMgLpDCLshMygC9mClFOy:2wqmvB2MW0

    • Modifies Windows Defender Real-time Protection settings

    • XMRig Miner payload

    • Xmrig family

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Download via BitsAdmin

    • Event Triggered Execution: Image File Execution Options Injection

    • Modifies file permissions

    • Power Settings

      powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks