General
- Target: XeonV1.exe
- Size: 55KB
- Sample: 241224-ycqxtavnhs
- MD5: 27cf43587e38d4f262ae7324d09db221
- SHA1: 746ef1082175139efadd9316cbd2bb98e5c6b41e
- SHA256: 241795ffe4c6263f79c969214c7f2ff712ff1209bacd823e1423700ab8e0c841
- SHA512: db0ea94dbfeda5c3eeff2c7e1f8d7a5e22a55b55fce9cf30b3a96795b0b185713ab64d16bc74d8bcc2f26ff13cc97dddcf9fa5613e1f2343a8609d81b60ba0d9
- SSDEEP: 768:oBFKm7cEFqzf0nQ5K++6TOAOCZ8vLDVr6Ypa2AvzKt3Df2UAG6F:oBFN7Szf1YlEOnCCvLp1pGC3D+UAGO
Static task
- static1

Behavioral task
- behavioral1
  Sample: XeonV1.exe
  Resource: win7-20240729-en

Behavioral task
- behavioral2
  Sample: XeonV1.exe
  Resource: win10v2004-20241007-en
Malware Config

Targets
- Target: XeonV1.exe
- Size: 55KB
Score: 10/10

Signatures
- Xmrig family
- XMRig Miner payload
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Power Settings
  powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Power Settings (1)

Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)