General
Target: a6ce588a83f2c77c794e3584e8ac44e472d26cf301bb2bf0468bcabae55070bc
Size: 2.5MB
Sample: 241118-vtflma1hpk
MD5: c9a04bf748d1ee29a43ac3f0ddace478
SHA1: 891bd4e634a9c5fec1a3de80bff55c665236b58d
SHA256: a6ce588a83f2c77c794e3584e8ac44e472d26cf301bb2bf0468bcabae55070bc
SHA512: e17edb74f5cb4d8aabb4c775ec25a271f201da3adcb03541b1919526c0939694a768affc21c3066327e57c13bc9bb481074e51e4e78867df847b26f063b4c115
SSDEEP: 49152:b+p9UJkdNaeuRgsJ9pddphet67LGZvTuD/jhLD/6dUJBrb9IqepaBK:b+QJkwgsLDdpg5ZqrhLDSdUJBrRI1
Static task: static1
Behavioral task: behavioral1
Sample: a6ce588a83f2c77c794e3584e8ac44e472d26cf301bb2bf0468bcabae55070bc.exe
Resource: win7-20240903-en
Malware Config
Targets
Target: a6ce588a83f2c77c794e3584e8ac44e472d26cf301bb2bf0468bcabae55070bc
Size: 2.5MB
MD5: c9a04bf748d1ee29a43ac3f0ddace478
SHA1: 891bd4e634a9c5fec1a3de80bff55c665236b58d
SHA256: a6ce588a83f2c77c794e3584e8ac44e472d26cf301bb2bf0468bcabae55070bc
SHA512: e17edb74f5cb4d8aabb4c775ec25a271f201da3adcb03541b1919526c0939694a768affc21c3066327e57c13bc9bb481074e51e4e78867df847b26f063b4c115
SSDEEP: 49152:b+p9UJkdNaeuRgsJ9pddphet67LGZvTuD/jhLD/6dUJBrb9IqepaBK:b+QJkwgsLDdpg5ZqrhLDSdUJBrRI1
- Xmrig family
- XMRig Miner payload
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Creates new service(s)
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Power Settings
  powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
- Drops file in System32 directory
- Suspicious use of SetThreadContext