Overview

overview

10

Static

static

3

a6ce588a83...bc.exe

windows7-x64

10

a6ce588a83...bc.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c9a04bf748d1ee29a43ac3f0ddace478.bin

  • Size

    2.1MB

  • Sample

    241119-b6ncfstmeq

  • MD5

    a01799a0bb436cf7881d5367b6e0ad66

  • SHA1

    9448033ec880154df409618b0d6a0097d746f66e

  • SHA256

    d22c8a9b460b0abb3f2252399e917c1b8c255f36f2208acc279463ab4ae311be

  • SHA512

    658d58d514f7e245eea77866678757b106ec16f074e1b95ca8bd51da58431779b3800372e893647a54370d372f6e9e339981f70bc390eb2959a988f945fe1ef1

  • SSDEEP

    49152:nhCPkZtFcKHWb9Shmg6HK/oQlON4zHdaN6vHyTH5deUyVMJ91WiyvE8HowYY:8cdcKHWbYmgEKwSzCH5YGJHQ/H7YY

Score
10/10
xmrigevasionexecutionminerpersistenceupx

Malware Config

Targets

    • Target

      a6ce588a83f2c77c794e3584e8ac44e472d26cf301bb2bf0468bcabae55070bc.exe

    • Size

      2.5MB

    • MD5

      c9a04bf748d1ee29a43ac3f0ddace478

    • SHA1

      891bd4e634a9c5fec1a3de80bff55c665236b58d

    • SHA256

      a6ce588a83f2c77c794e3584e8ac44e472d26cf301bb2bf0468bcabae55070bc

    • SHA512

      e17edb74f5cb4d8aabb4c775ec25a271f201da3adcb03541b1919526c0939694a768affc21c3066327e57c13bc9bb481074e51e4e78867df847b26f063b4c115

    • SSDEEP

      49152:b+p9UJkdNaeuRgsJ9pddphet67LGZvTuD/jhLD/6dUJBrb9IqepaBK:b+QJkwgsLDdpg5ZqrhLDSdUJBrRI1

    Score
    10/10
    xmrigevasionexecutionminerpersistenceupx

    • Xmrig family

      xmrig

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner payload

      miner

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Creates new service(s)

      persistenceexecution

    • Drops file in Drivers directory

    • Stops running service(s)

      evasionexecution

    • Executes dropped EXE

    • Loads dropped DLL

    • Power Settings

      powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

      persistence

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks