Overview

overview

10

Static

static

10

aec860c32a...4N.exe

windows7-x64

10

aec860c32a...4N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    aec860c32ac290f5965f10f9aae78acf886338ff1c09cdda221a4fbf47c74ba4N.exe

  • Size

    2.4MB

  • Sample

    241226-t66g5s1jgt

  • MD5

    c2db49b2378daf333dc721a5314c1680

  • SHA1

    710da0d7a67689d56e4f1be5495e4aeb677a0ac8

  • SHA256

    aec860c32ac290f5965f10f9aae78acf886338ff1c09cdda221a4fbf47c74ba4

  • SHA512

    3ff0420677bc14a6da4a458190966f03d0d9bdfc60c7f99c3475ab611958708cf6263039e02d88063b89831cc801aed1beef3699091dbc949d3997e25d310910

  • SSDEEP

    49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82g1VQx7Va4qroYlVOIDmv:NABN

Score
10/10
xmrigexecutionminerupx

Malware Config

Targets

    • Target

      aec860c32ac290f5965f10f9aae78acf886338ff1c09cdda221a4fbf47c74ba4N.exe

    • Size

      2.4MB

    • MD5

      c2db49b2378daf333dc721a5314c1680

    • SHA1

      710da0d7a67689d56e4f1be5495e4aeb677a0ac8

    • SHA256

      aec860c32ac290f5965f10f9aae78acf886338ff1c09cdda221a4fbf47c74ba4

    • SHA512

      3ff0420677bc14a6da4a458190966f03d0d9bdfc60c7f99c3475ab611958708cf6263039e02d88063b89831cc801aed1beef3699091dbc949d3997e25d310910

    • SSDEEP

      49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82g1VQx7Va4qroYlVOIDmv:NABN

    Score
    10/10
    xmrigexecutionminerupx

    • Xmrig family

      xmrig

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner payload

      miner

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

      execution

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks