General
-
Target
0eb3f632d325e702d19cb0cd532ed0cffdeb571c5d8e9832c84f7bafc695a280N.exe
-
Size
5.6MB
-
Sample
241125-17ty3ayrbs
-
MD5
a9834311b7cb8589e80cec983a492340
-
SHA1
cb46d612a27726f634810782e2525da9413a3482
-
SHA256
0eb3f632d325e702d19cb0cd532ed0cffdeb571c5d8e9832c84f7bafc695a280
-
SHA512
da12bef0ea540c336c4e0710d102a9b78c77f8e41119da06bb5a19647ffa35f1da685bca1193cecb7bebf9da90730fb33a8ed26c6199becaae603cb28290fc3d
-
SSDEEP
98304:KggSZTFznDHwE8oohoIgNgx+r3P4jw4fn9E32RW0O2gT/gQGhP3oFL6p4kvDZ/Hn:DgSZJznDHMo+JgNgx+r3P+e32BO2gjgj
Static task
static1
Behavioral task
behavioral1
Sample
0eb3f632d325e702d19cb0cd532ed0cffdeb571c5d8e9832c84f7bafc695a280N.exe
Resource
win7-20240903-en
Malware Config
Targets
-
Target
0eb3f632d325e702d19cb0cd532ed0cffdeb571c5d8e9832c84f7bafc695a280N.exe
-
Xmrig family
-
XMRig Miner payload
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes so the dropped miner is not scanned.
-
Creates new service(s)
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Power Settings
powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
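The two signature descriptions above (Defender exclusions added through PowerShell, and power timeouts cleared with powercfg) leave host-side evidence that can be read back. The script below is an added triage example written for this page; it is not part of the sandbox report, and the attacker-side commands shown in its comments are the generic form of each technique, not command lines recovered from this sample. It assumes an elevated PowerShell 5.1+ prompt on Windows 10/11 or Server with Microsoft Defender Antivirus, and it only reads state (Get-MpPreference, the Defender and PowerShell Operational event logs, powercfg /query), changing nothing.

```powershell
#Requires -RunAsAdministrator
# Added host triage script (example code, not from the sandbox report). Read-only:
# reports Defender exclusions and cleared power timeouts without modifying either.
# Assumes Windows 10/11 or Server with Microsoft Defender Antivirus, PowerShell 5.1+.

# --- 1. Defender exclusions --------------------------------------------------
# Generic attacker-side form of the technique (illustrative, not recovered from
# this sample; do not run on a production host):
#   Add-MpPreference -ExclusionPath 'C:\ProgramData\example' -ExclusionExtension '.exe' -ExclusionProcess 'example.exe'
# Whatever was added is readable back with Get-MpPreference.
$pref = Get-MpPreference
$exclusions = [ordered]@{
    ExclusionPath      = @($pref.ExclusionPath      | Where-Object { $_ })
    ExclusionExtension = @($pref.ExclusionExtension | Where-Object { $_ })
    ExclusionProcess   = @($pref.ExclusionProcess   | Where-Object { $_ })
}
foreach ($kind in $exclusions.Keys) {
    Write-Host "$kind ($($exclusions[$kind].Count) configured):"
    $exclusions[$kind] | ForEach-Object { Write-Host "    $_" }
}

# Defender records every preference change as event 5007 in its Operational log;
# an exclusion change names the registry value under ...\Windows Defender\Exclusions\.
$defenderChanges = Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 5007
    } -MaxEvents 500 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'Exclusions\\(Paths|Extensions|Processes)' }
Write-Host "`nDefender 5007 events touching exclusions: $(@($defenderChanges).Count)"
$defenderChanges |
    Select-Object TimeCreated, @{ n = 'NewValue'; e = {
        $line = ($_.Message -split "`r?`n" | Where-Object { $_ -match 'New value' }) | Select-Object -First 1
        if ($line) { $line.Trim() }
    } } |
    Format-Table -AutoSize -Wrap

# With script block logging enabled, the cmdlet invocation itself is in event 4104
# (Properties[2] is the ScriptBlockText field).
Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104
    } -MaxEvents 1000 -ErrorAction SilentlyContinue |
    Where-Object { $_.Properties[2].Value -match 'Add-MpPreference|Set-MpPreference' } |
    Select-Object TimeCreated, @{ n = 'ScriptBlock'; e = { $_.Properties[2].Value } } |
    Format-Table -Wrap

# --- 2. powercfg tampering ---------------------------------------------------
# Generic attacker-side form (illustrative, not recovered from this sample):
#   powercfg /x -standby-timeout-ac 0
#   powercfg /x -hibernate-timeout-ac 0
#   powercfg /x -monitor-timeout-ac 0
# A timeout of 0 means "never". Read the active scheme back with powercfg /query,
# using the documented subgroup/setting aliases (list them with: powercfg /aliases).
$checks = @(
    [pscustomobject]@{ Name = 'standby-timeout';   Sub = 'SUB_SLEEP'; Setting = 'STANDBYIDLE' }
    [pscustomobject]@{ Name = 'hibernate-timeout'; Sub = 'SUB_SLEEP'; Setting = 'HIBERNATEIDLE' }
    [pscustomobject]@{ Name = 'monitor-timeout';   Sub = 'SUB_VIDEO'; Setting = 'VIDEOIDLE' }
)
Write-Host "`nActive power scheme timeouts (seconds; 0 = never):"
foreach ($c in $checks) {
    $out = (powercfg /query SCHEME_CURRENT $c.Sub $c.Setting 2>$null) -join "`n"
    $vals = foreach ($src in 'AC', 'DC') {
        $m = [regex]::Match($out, "Current $src Power Setting Index:\s+0x([0-9A-Fa-f]+)")
        if ($m.Success) { [Convert]::ToInt32($m.Groups[1].Value, 16) } else { 'n/a' }
    }
    $flag = if ($vals[0] -eq 0 -or $vals[1] -eq 0) { '   <-- cleared; consistent with the powercfg signature' } else { '' }
    Write-Host ("  {0,-18} AC={1} DC={2}{3}" -f $c.Name, $vals[0], $vals[1], $flag)
}
```

A timeout of 0 on a workstation that normally sleeps is not proof of infection on its own, and the absence of 5007 or 4104 records only means the logs were unavailable, rotated or logging was off; treat each hit as a lead to correlate with the dropped-EXE and service-creation behaviour listed above rather than as a verdict.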