Overview

overview

10

Static

static

3

19-12-2024...kj.zip

windows7-x64

10

19-12-2024...kj.zip

windows10-2004-x64

1

Bootstrapper.exe

windows7-x64

6

Bootstrapper.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    19-12-2024_UqVE2XPvW38Pgkj.zip

  • Size

    4.3MB

  • Sample

    241219-q73k4atnhx

  • MD5

    cf356b163f946dc2f16d95febf45a583

  • SHA1

    e7c8e964c23f86765d729b82d3140604bb00cb7c

  • SHA256

    50d3bf20e1534889385de4b8d780a750c9d37a75c941ffae6dd961caef2eb325

  • SHA512

    baa6367011ebda751fe7ef40a49f99e96c5daf19e068b02b2cdf564477f17a792a9dc0887b9723208d0c49d55a7e1c501723643d12fee8c8dcd0d1406e65be2d

  • SSDEEP

    98304:YIv1mD5TqdFfK4iBOqWh3tWyfzbgwgGP7OZlGWwCR6t+uWiPBt1KP:YIdmFkF7iMtWKzkwgh1wc6t+cBS

Score
10/10
xmrigdefense_evasiondiscoveryevasionexecutionminerpersistenceupx

Malware Config

Targets

    • Target

      19-12-2024_UqVE2XPvW38Pgkj.zip

    • Size

      4.3MB

    • MD5

      cf356b163f946dc2f16d95febf45a583

    • SHA1

      e7c8e964c23f86765d729b82d3140604bb00cb7c

    • SHA256

      50d3bf20e1534889385de4b8d780a750c9d37a75c941ffae6dd961caef2eb325

    • SHA512

      baa6367011ebda751fe7ef40a49f99e96c5daf19e068b02b2cdf564477f17a792a9dc0887b9723208d0c49d55a7e1c501723643d12fee8c8dcd0d1406e65be2d

    • SSDEEP

      98304:YIv1mD5TqdFfK4iBOqWh3tWyfzbgwgGP7OZlGWwCR6t+uWiPBt1KP:YIdmFkF7iMtWKzkwgh1wc6t+cBS

    Score
    10/10
    xmrigdefense_evasiondiscoveryevasionexecutionminerpersistenceupx

    • Xmrig family

      xmrig

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner payload

      miner

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Creates new service(s)

      persistenceexecution

    • Drops file in Drivers directory

    • Stops running service(s)

      evasionexecution

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

      defense_evasion

    • Power Settings

      powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

      persistence

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

    • Target

      Bootstrapper.exe

    • Size

      5.1MB

    • MD5

      d15c24a478c313ede9d4ad03a4164f8a

    • SHA1

      aceaa3800a3c042243e39b1235b7c1eef338e90f

    • SHA256

      87e35093021944aa354666c0f7b594f4414e2c29a2da69f62a427ed56f91d2b1

    • SHA512

      2b373ab102ba01bbb119f2e08daac38cb3f90939be0474c6086eb2d6e64eead65b41b8a818f464248b67973539b5de879844fe4175268ae8db808230480fea40

    • SSDEEP

      98304:0m4Qu+5piXB4eQXpj7hSMlQ49iHnM5o7cXFX8wE8PC9iNmoOqgULyQqgYVJEN:0m4QZzjVp8i9pkrIC92ngUL5q1E

    Score
    7/10
    defense_evasiondiscovery

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

      defense_evasion
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks