Overview

overview

10

Static

static

10

b95b009bde...6N.exe

windows7-x64

10

b95b009bde...6N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe

  • Size

    1.9MB

  • Sample

    241125-2dr32swpeq

  • MD5

    8674ea8506502b79c6965b7daf093e10

  • SHA1

    da78c4ade02f116b6deff9e56f476ca6c62d3382

  • SHA256

    b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6

  • SHA512

    496ca766c2aaf396d349cbb48285f266feb6722dfd3fb10a55238f8af250ea283c44376c977f6cd5b17b01e90b5928f5cb7ad4b086001e4eecac11deba732aa5

  • SSDEEP

    49152:Lz071uv4BPMkibTIA5lCx7kvRWa4pCB2lUj:NABQ

Score
10/10
xmrigexecutionminerupx

Malware Config

Targets

    • Target

      b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe

    • Size

      1.9MB

    • MD5

      8674ea8506502b79c6965b7daf093e10

    • SHA1

      da78c4ade02f116b6deff9e56f476ca6c62d3382

    • SHA256

      b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6

    • SHA512

      496ca766c2aaf396d349cbb48285f266feb6722dfd3fb10a55238f8af250ea283c44376c977f6cd5b17b01e90b5928f5cb7ad4b086001e4eecac11deba732aa5

    • SSDEEP

      49152:Lz071uv4BPMkibTIA5lCx7kvRWa4pCB2lUj:NABQ

    Score
    10/10
    xmrigexecutionminerupx

    • Xmrig family

      xmrig

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner payload

      miner

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

      execution

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks