Overview

overview

10

Static

static

3

HealthTool.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    HealthTool.exe

  • Size

    5.0MB

  • Sample

    241115-apjr9svnbw

  • MD5

    1fab11def99e3bb2401acb5dc50ce122

  • SHA1

    8239507bb7145cace5a6f796a6f9f617c50fd2ce

  • SHA256

    8a1f1f960a33f8280642bcc403f7511f138beb4db00bd12bbecb998e7b01735a

  • SHA512

    a29ce741022e8184b139ef2a0916c3e6cedede461cc7b0d3ac8fd2540c7452e301ad1b2e4e14d5944816789dc212eb376709a461d59c957f3ae35f495d14d98a

  • SSDEEP

    98304:+Y3VyfY4qJnswUj0YPE2+tki8VcV3QMzyaogtIti+799+Ikde8ex8xcJs:+TsuM2PQ7ogn+799+xdAJs

Score
10/10
xmrigevasionexecutionminerpersistence

Malware Config

Targets

    • Target

      HealthTool.exe

    • Size

      5.0MB

    • MD5

      1fab11def99e3bb2401acb5dc50ce122

    • SHA1

      8239507bb7145cace5a6f796a6f9f617c50fd2ce

    • SHA256

      8a1f1f960a33f8280642bcc403f7511f138beb4db00bd12bbecb998e7b01735a

    • SHA512

      a29ce741022e8184b139ef2a0916c3e6cedede461cc7b0d3ac8fd2540c7452e301ad1b2e4e14d5944816789dc212eb376709a461d59c957f3ae35f495d14d98a

    • SSDEEP

      98304:+Y3VyfY4qJnswUj0YPE2+tki8VcV3QMzyaogtIti+799+Ikde8ex8xcJs:+TsuM2PQ7ogn+799+xdAJs

    Score
    10/10
    xmrigevasionexecutionminerpersistence

    • Xmrig family

      xmrig

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner payload

      miner

    • Creates new service(s)

      persistenceexecution

    • Stops running service(s)

      evasionexecution

    • Executes dropped EXE

    • Power Settings

      powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

      persistence

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks