General

  • Target

    COMSurrogate.exe

  • Size

    164KB

  • Sample

    241203-l8ajgswmgm

  • MD5

    77334f046a50530cdc6e585e59165264

  • SHA1

    657a584eafe86df36e719526d445b570e135d217

  • SHA256

    eb6c487307c52793e0bc4d6a74770bbea2322f32edc466b25abacec3dd0e9c08

  • SHA512

    97936dd74d7eef8d69dae0d83b6d1554bd54d5302b5b2ff886ff66c040b083d7d086089de12b57a491cf7269a7d076e4d2a52839aaac519386b77297bc3a5c90

  • SSDEEP

    3072:DlxjOCto1mb719Iz9cIp23YWMBjk3RzYISn7ApmHVVjKu:5xjD+sF9IKIgnwkRUbAI1F

Malware Config

Targets

    • Target

      COMSurrogate.exe

    • TA505

      Cybercrime group active since 2015, responsible for families like Dridex and Locky.

    • TA505 family

    • XMRig Miner payload

    • XMRig family

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
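
Two checks a responder usually wants after reading a report like this one: confirm a file on a host is the same sample by comparing all four published digests, and hunt for the persistence the "Adds Run key" signature describes. The script below is an added example, not part of the sandbox report or of any project's code. It copies the hashes from the report above, parses a `reg export` dump of the Run/RunOnce keys, and flags autostart values whose program is named COMSurrogate.exe (the genuine Windows COM Surrogate is `C:\Windows\System32\dllhost.exe`, so that filename is not a Microsoft binary) or starts from a path outside the Windows and Program Files directories. The registry text in `SAMPLE_REG`, the user name and the paths in it are constructed for illustration; the trusted-prefix list and the `untrusted_path` heuristic are assumptions that will also fire on legitimate per-user installs, so treat that reason as a lead rather than a verdict.

```python
"""Triage helpers for the COMSurrogate.exe sample listed on this page.

Added example (not from the sandbox report). Matches a file against the
published digests and hunts Run-key persistence in a `reg export` dump.
"""
import hashlib
import ntpath
import re
from dataclasses import dataclass

# Digests copied from the report above.
IOC_HASHES = {
    "md5": "77334f046a50530cdc6e585e59165264",
    "sha1": "657a584eafe86df36e719526d445b570e135d217",
    "sha256": "eb6c487307c52793e0bc4d6a74770bbea2322f32edc466b25abacec3dd0e9c08",
    "sha512": "97936dd74d7eef8d69dae0d83b6d1554bd54d5302b5b2ff886ff66c040b083d7"
              "d086089de12b57a491cf7269a7d076e4d2a52839aaac519386b77297bc3a5c90",
}

# Assumed heuristics: autostarts from outside these roots are only a lead.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
# The real COM Surrogate is C:\Windows\System32\dllhost.exe; this name imitates it.
MASQUERADE_NAMES = {"comsurrogate.exe"}

RUN_KEY = re.compile(
    r"^\[(?:HKEY_CURRENT_USER|HKEY_LOCAL_MACHINE|HKEY_USERS\\[^\\]+)\\"
    r"Software\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\]$",
    re.I,
)
# REG_SZ values only; hex(2): (REG_EXPAND_SZ) lines are deliberately skipped.
REG_SZ_VALUE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"$')


def hash_matches(data: bytes) -> dict:
    """Return {algorithm: bool} so a partial match (one digest only) is visible."""
    return {alg: hashlib.new(alg, data).hexdigest() == want
            for alg, want in IOC_HASHES.items()}


def is_known_sample(data: bytes) -> bool:
    """True only when every published digest matches."""
    return all(hash_matches(data).values())


@dataclass
class Finding:
    key: str
    name: str
    path: str
    reasons: tuple


def _unescape(s: str) -> str:
    # .reg files escape backslash and double quote with a backslash.
    return re.sub(r'\\(["\\])', r"\1", s)


def _exe_path(command: str) -> str:
    """Pull the program path out of a Run value (quoted or bare, with arguments)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r".+?\.exe", command, re.I)
    return m.group(0) if m else (command.split() or [""])[0]


def read_reg_export(path: str) -> str:
    # `reg export` writes UTF-16LE with a BOM; the "utf-16" codec consumes the BOM.
    with open(path, encoding="utf-16") as fh:
        return fh.read()


def suspicious_run_entries(reg_text: str) -> list:
    """Flag Run/RunOnce values whose program name or location looks out of place."""
    findings, current_key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            current_key = line[1:-1] if RUN_KEY.match(line) else None
            continue
        m = REG_SZ_VALUE.match(line) if current_key else None
        if not m:
            continue  # outside a Run key, blank, or a value type we do not parse
        path = _exe_path(_unescape(m.group("data")))
        reasons = []
        if ntpath.basename(path).lower() in MASQUERADE_NAMES:
            reasons.append("masquerade_name")
        if not path.lower().startswith(TRUSTED_PREFIXES):
            reasons.append("untrusted_path")
        if reasons:
            findings.append(Finding(current_key, _unescape(m.group("name")), path, tuple(reasons)))
    return findings


# Constructed registry export for illustration (not from a real host).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"COMSurrogate"="C:\\Users\\alice\\AppData\\Roaming\\COMSurrogate.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\system32\\SecurityHealthSystray.exe"
'''

if __name__ == "__main__":
    for f in suspicious_run_entries(SAMPLE_REG):
        print(f"{f.key}\\{f.name}: {f.path} [{', '.join(f.reasons)}]")
    print(hash_matches(b"constructed bytes, not the sample"))
```

On a real host, export the keys with `reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Run run.reg` (and the HKLM and RunOnce equivalents) and pass `read_reg_export("run.reg")` to `suspicious_run_entries`. The `OneDrive` entry in the constructed data is there on purpose: it is a legitimate per-user autostart that trips `untrusted_path` alone, while the `COMSurrogate` entry trips both reasons, which is the combination worth escalating.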

MITRE ATT&CK Enterprise v15

Tasks