Overview

overview

10

Static

static

10

ee17b98ab4...37.exe

windows7-x64

10

ee17b98ab4...37.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ee17b98ab43bf48605f878e5a55045259062b70a8eba1b15e6a2c29d75deea37.exe

  • Size

    2.8MB

  • Sample

    250202-repzzaxjbl

  • MD5

    488790c18f57d1f089ddfea06a7ff8d1

  • SHA1

    cecf6143c821bae95f1517dedd638ff4fd500ab9

  • SHA256

    ee17b98ab43bf48605f878e5a55045259062b70a8eba1b15e6a2c29d75deea37

  • SHA512

    12d5edc5fe4b67d85b1ee7eb5b8244c9e5ef5321f9c949a253fe653f1d4e1fc1532edf5d2471eee94ae53825b5a94aa3dbcb4d24046e7a5a4b2ad6b666554435

  • SSDEEP

    49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82g1Vr5s1PTleLWrJ5+bQ1:NABD

Score
10/10
xmrigexecutionminerupx

Malware Config

Targets

    • Target

      ee17b98ab43bf48605f878e5a55045259062b70a8eba1b15e6a2c29d75deea37.exe

    • Size

      2.8MB

    • MD5

      488790c18f57d1f089ddfea06a7ff8d1

    • SHA1

      cecf6143c821bae95f1517dedd638ff4fd500ab9

    • SHA256

      ee17b98ab43bf48605f878e5a55045259062b70a8eba1b15e6a2c29d75deea37

    • SHA512

      12d5edc5fe4b67d85b1ee7eb5b8244c9e5ef5321f9c949a253fe653f1d4e1fc1532edf5d2471eee94ae53825b5a94aa3dbcb4d24046e7a5a4b2ad6b666554435

    • SSDEEP

      49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82g1Vr5s1PTleLWrJ5+bQ1:NABD

    Score
    10/10
    xmrigexecutionminerupx

    • Xmrig family

      xmrig

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner payload

      miner

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

      execution

    • Legitimate hosting services abused for malware hosting/C2

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks