General

  • Target

    gmail2ma.7z

  • Size

    1.9MB

  • MD5

    aac610911886e8045a4c76cdb0259a42

  • SHA1

    96f9685113ede27d9e83d3c0f8ca091a3ac494d3

  • SHA256

    9a4236eb1c2299636ddaa2da63f2aa9a10dc27f7aadd93fec141f5be199ca9cd

  • SHA512

    95f0c3b9a29679f3feff565a9960ce4228c666a4aa653ec8d462576d58c555fc54aa472ff68334429900a1c243b0970e0ab860b894f42dfd2dace63f4f7342a8

  • SSDEEP

    49152:YWOTuNGYU8rtaQhs65sCayrBdUt7P2o454k6VR:YWAhV8rsQhsVCayrWDN4ehVR

Score
10/10

Malware Config

Signatures

  • XMRig Miner payload 2 IoCs
  • Xmrig family
  • Detected Nirsoft tools 2 IoCs

    Free utilities, often used by attackers, that can steal passwords, product keys, etc.

  • NirSoft WebBrowserPassView 1 IoCs

    Password recovery tool for various web browsers

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Unsigned PE 4 IoCs

    Checks for missing Authenticode signature.

Files

  • gmail2ma.7z
    .7z

    Password: 1625093

  • Update.xml
  • WinRing0x64.sys
    .sys windows:6 windows x64 arch:x64

    d41fa95d4642dc981f10de36f4dc8cd7

  • go.exe
    .exe windows:4 windows x86 arch:x86

    Password: 1625093

  • out.upx
    .exe windows:4 windows x86 arch:x86

  • mozilla.vbs
    .vbs
  • mservice.exe
    .exe windows:6 windows x64 arch:x64

    Password: 1625093

    b581bab240cfda02a9caece1cf6aee19

  • mservice.vbs
    .vbs
  • ps.exe
    .exe windows:4 windows x86 arch:x86

    Password: 1625093

    4075b51e1d1f053632ccd3a22ae13aa9

  • sarmat.vbs
    .vbs