Overview

overview

10

Static

static

10

9f1fde2cd7...fc.exe

windows7-x64

10

9f1fde2cd7...fc.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9f1fde2cd71e2b76879510aa1507aaa20a21accac8099e117d76006aab55a1fc.exe

  • Size

    1.3MB

  • Sample

    241218-b75m5axlct

  • MD5

    bc6268f580d49a26935c423b9375ad93

  • SHA1

    6b02a73b20024dfff908e6fb29c58983ac8aa6da

  • SHA256

    9f1fde2cd71e2b76879510aa1507aaa20a21accac8099e117d76006aab55a1fc

  • SHA512

    8bba2070f3225fd393527e2a34956e808141f0790130fa3b4f8fb140e999cc11824bdffd4cc82c0b4ed10d1ea85dfda59faa88d5fe4857bd3813ffeb5a487058

  • SSDEEP

    24576:zv3/fTLF671TilQFG4P5PMkibTJH+2Q/ynKeWYVfp1cnAfSlWhdbOgs:Lz071uv4BPMkibTIA5VDSl+Ogs

Score
10/10
xmrigexecutionminerupx

Malware Config

Targets

    • Target

      9f1fde2cd71e2b76879510aa1507aaa20a21accac8099e117d76006aab55a1fc.exe

    • Size

      1.3MB

    • MD5

      bc6268f580d49a26935c423b9375ad93

    • SHA1

      6b02a73b20024dfff908e6fb29c58983ac8aa6da

    • SHA256

      9f1fde2cd71e2b76879510aa1507aaa20a21accac8099e117d76006aab55a1fc

    • SHA512

      8bba2070f3225fd393527e2a34956e808141f0790130fa3b4f8fb140e999cc11824bdffd4cc82c0b4ed10d1ea85dfda59faa88d5fe4857bd3813ffeb5a487058

    • SSDEEP

      24576:zv3/fTLF671TilQFG4P5PMkibTJH+2Q/ynKeWYVfp1cnAfSlWhdbOgs:Lz071uv4BPMkibTIA5VDSl+Ogs

    Score
    10/10
    xmrigexecutionminerupx

    • Xmrig family

      xmrig

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner payload

      miner

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

      execution

    • Legitimate hosting services abused for malware hosting/C2

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks