General
Target: 86640812554f57f3da2bd09990bae0e97b37816d6a596deda525eeee5ddbe8cdN.exe
Size: 7.1MB
Sample: 241118-axrg3stkgw
MD5: 55231a6c0f1ead3651b9a08116d91330
SHA1: 4e5ac9c01dec0e15093de765cc4e188223d0fc9b
SHA256: 86640812554f57f3da2bd09990bae0e97b37816d6a596deda525eeee5ddbe8cd
SHA512: b426dc3c2d13caff10764df5ed7cd9f67b2d65039d4020255d04477c2981064e378fda55e6621b7a9db08615d06356bd0902a85535c4d915a0f3a5d904dbedd3
SSDEEP: 196608:byJz4+iEELvsczIKfBZ3lV9knt4pXTrCzFn:yE+jNgIKfBtfgtITO
Static task: static1
Behavioral task: behavioral1
  Sample: 86640812554f57f3da2bd09990bae0e97b37816d6a596deda525eeee5ddbe8cdN.exe
  Resource: win7-20241010-en
Behavioral task: behavioral2
  Sample: 86640812554f57f3da2bd09990bae0e97b37816d6a596deda525eeee5ddbe8cdN.exe
  Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 86640812554f57f3da2bd09990bae0e97b37816d6a596deda525eeee5ddbe8cdN.exe
Score: 10/10
Signatures:
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Xmrig family
- XMRig Miner payload
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Creates new service(s)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Power Settings
  powercfg controls all configurable power settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
- Drops file in System32 directory
- Suspicious use of SetThreadContext