General
-
Target
50ae56d020d35a747bdf32acbd7c9cc23f8a6827d19c5f32bb05d068acf47251_Sigmanly
-
Size
5.2MB
-
Sample
241226-mqlpgatjgy
-
MD5
3cae1f11044d2ca787824610a40f1696
-
SHA1
bf4af642f36e87b887f973f47a46bcb2e656c636
-
SHA256
50ae56d020d35a747bdf32acbd7c9cc23f8a6827d19c5f32bb05d068acf47251
-
SHA512
0918a7876c39cf901e9a4128f456683d85d2564767600ce4536c9d0bcd4be1b380cad8fcdf6d0b96fd30e48a0f1e73e66df6d5f279fb31e5fe5ecca3e2f856a7
-
SSDEEP
98304:iAVs069jHTPkc8zU7Jr93Wu+ieSaCKFa/9hAYNS1gtgghI+lw:iMnUjzPkcyI93Wu+ieSaCKFRYNS1gtV8
Malware Config
Targets
-
-
Target
50ae56d020d35a747bdf32acbd7c9cc23f8a6827d19c5f32bb05d068acf47251_Sigmanly
-
Size
5.2MB
-
MD5
3cae1f11044d2ca787824610a40f1696
-
SHA1
bf4af642f36e87b887f973f47a46bcb2e656c636
-
SHA256
50ae56d020d35a747bdf32acbd7c9cc23f8a6827d19c5f32bb05d068acf47251
-
SHA512
0918a7876c39cf901e9a4128f456683d85d2564767600ce4536c9d0bcd4be1b380cad8fcdf6d0b96fd30e48a0f1e73e66df6d5f279fb31e5fe5ecca3e2f856a7
-
SSDEEP
98304:iAVs069jHTPkc8zU7Jr93Wu+ieSaCKFa/9hAYNS1gtgghI+lw:iMnUjzPkcyI93Wu+ieSaCKFRYNS1gtV8
Score10/10-
Modifies security service
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Xmrig family
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
XMRig Miner payload
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Creates new service(s)
-
Stops running service(s)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Power Settings
powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-