General

  • Target

    3829cf00079dd383532ac6637444081a9752f77d186dbdcbafcc44ddde0d9cf3

  • Size

    2.5MB

  • Sample

    241116-1xnz3atpg1

  • MD5

    9b1749c1bb9e8a354404b8a57de68ec6

  • SHA1

    4c8838d22efc926551be0e77ecd1e6a68e15f6c4

  • SHA256

    3829cf00079dd383532ac6637444081a9752f77d186dbdcbafcc44ddde0d9cf3

  • SHA512

    9e83796791fb49c0ee6592cad4a294b86eb6ec624385f3df8e040f9baf545071637167d4c5ee6e9da17aad4f96251fc09da71282ef7341f1d91d3fc78e2059ea

  • SSDEEP

    49152:4FUPj9hHjc2Hil9gJaEgCR37gGVMISw6RtmGNIOLD1ciNKWI2O6xYWb3Kuz/+n:77vHM9gJaFCRPS3f7LrrOaYY6u8

Malware Config

Targets

    • Xmrig family

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Creates new service(s)

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Power Settings

      powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks