General

  • Target

    drop2.exe

  • Size

    2.5MB

  • Sample

    241118-lb98vatckf

  • MD5

    226eb2bbb97abbcabbd5bf08418cbe9c

  • SHA1

    53c7485db2e1acb4b70a0a277d58e9ffec8a050d

  • SHA256

    97e37eaf752b14313ee9aaa158f7028c092adeb4a902cb9618f58cffe29eeed2

  • SHA512

    ccdb91715dc244364ac80bf7dff4b971b4ce5473ebed7f59a3ac68c4b5b7c0919cadf352a64b008d2af8ce5081440119a4db55d7b208de94411761cb42ce055b

  • SSDEEP

    49152:8F6Y8mlBll44tW535rFyGAlvZVzfKQJYvDCZ3OL0WiqIZJdGUH1SOfSLA+DpHscK:TUBLTErFyGA1DJY7CZeL0WFwGUVSOf+b

Malware Config

Targets

    • Target

      drop2.exe

    • Size

      2.5MB

    • MD5

      226eb2bbb97abbcabbd5bf08418cbe9c

    • SHA1

      53c7485db2e1acb4b70a0a277d58e9ffec8a050d

    • SHA256

      97e37eaf752b14313ee9aaa158f7028c092adeb4a902cb9618f58cffe29eeed2

    • SHA512

      ccdb91715dc244364ac80bf7dff4b971b4ce5473ebed7f59a3ac68c4b5b7c0919cadf352a64b008d2af8ce5081440119a4db55d7b208de94411761cb42ce055b

    • SSDEEP

      49152:8F6Y8mlBll44tW535rFyGAlvZVzfKQJYvDCZ3OL0WiqIZJdGUH1SOfSLA+DpHscK:TUBLTErFyGA1DJY7CZeL0WFwGUVSOf+b

    • Xmrig family

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • XMRig Miner payload

    • Creates new service(s)

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Power Settings

      powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks