General

  • Target

    Cursed Predictor.exe

  • Size

    2.2MB

  • Sample

    241117-11fg4azamd

  • MD5

    4bac19442ed88bfcdca107b18824bfd4

  • SHA1

    880fb3e65ae6eb75a7c868da907ae9f6dc7a844b

  • SHA256

    bb84703780bd730fe535d2c07382c46b15be3ecd61cc0480bba49390fbe8ac8a

  • SHA512

    7f242b259aff40ceac205d2bd9bb8ab05c4d381e432684b9f04dffa2b39e43fb928fa114ab1ab0b431654119694afa60261b50e28ad843e6662bb0ea2c64fd9a

  • SSDEEP

    49152:dArx5TeQSNLnz2qOkubr6iAeDP1MU1ya4ErLo:qVEQSNXOjAeiU1yDErM

Score
10/10

Malware Config

Targets

    • Target

      Cursed Predictor.exe

    Score
    10/10
    • Xmrig family

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU Monero miner; here it is the cryptomining payload the sample drops and runs.

    • XMRig Miner payload

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to change Windows Defender settings, adding exclusions for file extensions, paths and processes so the dropped miner is not scanned. From PowerShell this is done with the Add-MpPreference / Set-MpPreference cmdlets and their -ExclusionExtension, -ExclusionPath and -ExclusionProcess parameters.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
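
    The Defender-exclusion behaviour listed above is the one action in this report that leaves a clean host-side trail. The following Python is an added example, not part of the sandbox report or of the sample itself: it scans constructed log lines modelled on PowerShell script block logging (Event ID 4104) and the Defender operational log (Event ID 5007, configuration change) for exclusions being added, and rates how broad each exclusion is. The event text is simplified, and the sample lines, field names and severity rules are assumptions made for the example.

```python
import re

# Constructed sample events (not recorded from the sandbox run above), modelled on
# two Windows log sources: PowerShell script block logging (Event ID 4104) and the
# Microsoft-Windows-Windows Defender/Operational log (Event ID 5007). Each entry is
# (event_id, message_text). Formats are simplified for the example.
SAMPLE_EVENTS = [
    (4104, "Add-MpPreference -ExclusionPath 'C:\\Windows\\System32\\drivers' -Force"),
    (4104, "Set-MpPreference -ExclusionExtension exe,dll"),
    (4104, 'Add-MpPreference -ExclusionProcess "svchost.exe"'),
    (4104, "Get-ChildItem C:\\Users | Measure-Object"),
    (5007, "Microsoft Defender Antivirus Configuration has changed. New value: "
           "HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Exclusions\\Paths\\C:\\ProgramData\\x = 0x0"),
    (5007, "Microsoft Defender Antivirus Configuration has changed. New value: "
           "HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableRealtimeMonitoring = 0x1"),
]

# Cmdlet form seen in script block logs: (Add|Set)-MpPreference -Exclusion<Kind> <value>
# The value may be double-quoted, single-quoted, or a bare comma-separated list.
CMDLET_RE = re.compile(
    r"(?:Add|Set)-MpPreference\b.*?-Exclusion(Path|Extension|Process)\s+"
    r"(\"[^\"]*\"|'[^']*'|[^\s]+)",
    re.IGNORECASE,
)

# Registry form Defender reports in 5007 when an exclusion is written:
#   ...\Windows Defender\Exclusions\<Paths|Extensions|Processes>\<value> = 0x0
REGISTRY_RE = re.compile(
    r"Windows Defender\\Exclusions\\(Paths|Extensions|Processes)\\(.+?)\s*=\s*0x",
    re.IGNORECASE,
)
REGISTRY_KIND = {"paths": "path", "extensions": "extension", "processes": "process"}

# Directories where an exclusion hides a lot (assumed list for the example).
SYSTEM_DIR_RE = re.compile(r"^[A-Z]:\\(Windows|ProgramData|Users\\Public)(\\|$)", re.IGNORECASE)


def detect_defender_exclusions(events):
    """Return one finding dict per exclusion added, from either log source."""
    findings = []
    for event_id, text in events:
        if event_id == 4104:
            for kind, raw in CMDLET_RE.findall(text):
                value = raw.strip("\"'")
                for item in value.split(","):  # -ExclusionExtension exe,dll adds two
                    findings.append({"source": "powershell_4104",
                                     "kind": kind.lower(), "value": item.strip()})
        elif event_id == 5007:
            m = REGISTRY_RE.search(text)
            if m:
                findings.append({"source": "defender_5007",
                                 "kind": REGISTRY_KIND[m.group(1).lower()],
                                 "value": m.group(2)})
    return findings


def severity(finding):
    """Rate how much scanning coverage the exclusion removes (assumed rules)."""
    if finding["kind"] == "extension":
        return "high"    # an entire file type is no longer scanned
    if finding["kind"] == "path" and SYSTEM_DIR_RE.match(finding["value"]):
        return "high"    # system or shared directory excluded
    return "medium"      # single process or a user-specific path


if __name__ == "__main__":
    for f in detect_defender_exclusions(SAMPLE_EVENTS):
        print(f"[{severity(f):6}] {f['source']}: exclude {f['kind']} {f['value']}")
```

    On a real host the 4104 text comes from the ScriptBlockText field of Microsoft-Windows-PowerShell/Operational and the 5007 text from Microsoft-Windows-Windows Defender/Operational; an exclusion of a System32 path or of the exe/dll extensions, as the sample's own exclusions would produce, should be treated as a sign of tampering rather than an administrative change.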

MITRE ATT&CK Enterprise v15

Tasks