Overview

overview

10

Static

static

10

d959030bdd...1N.exe

windows7-x64

10

d959030bdd...1N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d959030bddba0965b25fb2dcbc5b3b30c74d95e2716924de951420f32d392a01N.exe

  • Size

    1.6MB

  • Sample

    241118-z27gjazqdn

  • MD5

    b4eafd46595eef3fc81f73a40ea52f00

  • SHA1

    9b5c15db12b0b65bbbc28e8a46e41e2a187d0284

  • SHA256

    d959030bddba0965b25fb2dcbc5b3b30c74d95e2716924de951420f32d392a01

  • SHA512

    1fbf2317f1dcb726fd00ab5b9298fc7bdcd44084426ceee0a404851a4c84980663b0502f0184e2cdb833f61e09ec60c10c03ec53609c702afa56f4b9d8d3f4ce

  • SSDEEP

    49152:Lz071uv4BPMkibTIA5lCx7kvRWa4pXHqh:NABW

Score
10/10
xmrigexecutionminerupx

Malware Config

Targets

    • Target

      d959030bddba0965b25fb2dcbc5b3b30c74d95e2716924de951420f32d392a01N.exe

    • Size

      1.6MB

    • MD5

      b4eafd46595eef3fc81f73a40ea52f00

    • SHA1

      9b5c15db12b0b65bbbc28e8a46e41e2a187d0284

    • SHA256

      d959030bddba0965b25fb2dcbc5b3b30c74d95e2716924de951420f32d392a01

    • SHA512

      1fbf2317f1dcb726fd00ab5b9298fc7bdcd44084426ceee0a404851a4c84980663b0502f0184e2cdb833f61e09ec60c10c03ec53609c702afa56f4b9d8d3f4ce

    • SSDEEP

      49152:Lz071uv4BPMkibTIA5lCx7kvRWa4pXHqh:NABW

    Score
    10/10
    xmrigexecutionminerupx

    • Xmrig family

      xmrig

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner payload

      miner

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

      execution

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks