xmrig | 5a5465eb588646b74b0d0f06a0ab84f186be942acfab16a9bc15147a198d6a05

Sharing

Copy URL

Twitter E-mail

General

Target

gmail2ma.zip
Size

2.4MB
Sample

250328-slaz3azkv4
MD5

2ee3053aeacd758969d22a94bd29fe5e
SHA1

603e6e7d7fb44f7efc54c53a76dcfaf3343592e3
SHA256

5a5465eb588646b74b0d0f06a0ab84f186be942acfab16a9bc15147a198d6a05
SHA512

81afe3970e611ce6fb4b7781d246029b252d3ee27a1ce7ca160a95fc5c3a94cb8f9b2b64bf20f927fd51e0110f603a1a9c2afbc51bc8892dba6f07ddddb35ec1
SSDEEP

49152:q3TuqSP6UvO9MPSkB51E+B1TFKXUZnJvHs0PShweQrGccsqH4jKJRrJhd7nVMGEi:yXSSUv+kBskKonJvreBhdsiOKbJX7VMS

Score

10^/10

Malware Config

Targets

- Target
  
  gmail2ma/WinRing0x64.sys
- Size
  
  14KB
- MD5
  
  0c0195c48b6b8582fa6f6373032118da
- SHA1
  
  d25340ae8e92a6d29f599fef426a2bc1b5217299
- SHA256
  
  11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5
- SHA512
  
  ab28e99659f219fec553155a0810de90f0c5b07dc9b66bda86d7686499fb0ec5fddeb7cd7a3c5b77dccb5e865f2715c2d81f4d40df4431c92ac7860c7e01720d
- SSDEEP
  
  192:nqjKhp+GQvzj3i+5T9oGYJh1wAoxhSF6OOoe068jSJUbueq1H2PIP0:qjKL+v/y+5TWGYOf2OJ06dUb+pQ
Score

1^/10
behavioral1 behavioral2
- Target
  
  gmail2ma/go.exe
- Size
  
  238KB
- MD5
  
  81f2e954c408dace94c5ca19e876193d
- SHA1
  
  9c0e192a80e7761f6247ff5051d9154a7fb3a3bd
- SHA256
  
  967cdb1c1fec25e3a37442fc5788b419a7dbe95135ffe7560e4d7744fd8015db
- SHA512
  
  0bded3109b80d673c60b266aa7368a53593b289f089c1c47a63589112eb5e95fdf03f06aa23300bf3b0f168413dc9c4eb6143e5fcc5026226bcff4b1903d386a
- SSDEEP
  
  6144:tsWkyjw4wHBMPGnau9GrCP33S/S4N2A7TAulPrAsvYd:t9kyU4whyVCP3S/RNjcsPUs+
Score

9^/10

discovery spyware stealer upx
- Detected Nirsoft tools
  Free utilities often used by attackers which can steal passwords, product keys, etc.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral3 behavioral4
- Target
  
  gmail2ma/mozilla.vbs
- Size
  
  7KB
- MD5
  
  671e707199d3342bf92ea40a36d5d072
- SHA1
  
  47a49a50bc92c99c9808dfb1bf598bc3b13c8a48
- SHA256
  
  2d64444b089d1115af57105c0b9e5645872267ce89ec2a6c9b16975412f7769d
- SHA512
  
  a9ebbfcf718ddf49ae6219e22b51a1022f1d9af6dcb0dc68000bace40e5b6f5269ae5dc9f2be8f09765b199eb04f9cefde55b9b1ac9107b2f11b175a81cd1895
- SSDEEP
  
  96:GFEXrCYXpuO8AN/YdD/9dwwmX+5/KoSOnSb2E9IfOun82p4643YEjTn45LNftoNE:GFEXrd518+/m5/Kjun8Hf+LLNEJM0nwn
Score

8^/10

spyware stealer
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral5 behavioral6
- Target
  
  gmail2ma/mservice.exe
- Size
  
  4.5MB
- MD5
  
  cfc0000b993a31c11ef58ac53837e4e1
- SHA1
  
  750752b9c20c6bac25c172fc5a0645cc7d631457
- SHA256
  
  47d70838cbedc8b0e0634e51bde8a72035922bddc1177cc9210fa0adb967d6a2
- SHA512
  
  bf03704f5e363940328112825976b78be50e4a8be2a64d50eb71e1ec016946f9d6dd256ecd2b87105ae45614982351b27ae99a53284321c3ebbc16ce316b960e
- SSDEEP
  
  98304:4XCVqZY5SVIhbh1A8K/drFfV6I8NXpBtkuzDS8VvazdNBi/:VVqJkI89pBTDS8NeNi/
Score

1^/10
behavioral7 behavioral8
- Target
  
  gmail2ma/mservice.vbs
- Size
  
  1KB
- MD5
  
  9317de7dbbe81436c5e4f25b3743ef3b
- SHA1
  
  a3fdf866b8ef5e89e9ee729553a8d86a7ec79ce1
- SHA256
  
  d111d16738309bf217d1b08b1a53cb9371d061015f07152b248de41d864a2b89
- SHA512
  
  f315ca9a4c6a7f3b4acc5ddfbd6e74c28fbdcddc21910c9dbb610a473a6075739ad3388b106ddffe460560f0c3498f8f5e2ff3af6e6d05c7fdfe158f83bd0b6b
Score

3^/10
behavioral10 behavioral9
- Target
  
  gmail2ma/ps.exe
- Size
  
  393KB
- MD5
  
  2024ea60da870a221db260482117258b
- SHA1
  
  716554dc580a82cc17a1035add302c0766590964
- SHA256
  
  53043bd27f47dbbe3e5ac691d8a586ab56a33f734356be9b8e49c7e975241a56
- SHA512
  
  ffcd4436b80169ba18db5b7c818c5da71661798963c0a5f5fbac99a6974a7729d38871e52bc36c766824dd54f2c8fa5711415ec45799db65c11293d8b829693b
- SSDEEP
  
  6144:QNV8uoDRSdm3v93UFlssFHgkU9KvKUXr/BAO9N/oXrsAteTQokizYu:eSDRSm3vrugB9KvKk9RO8k3u
Score

7^/10

discovery spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral11 behavioral12
- Target
  
  gmail2ma/sarmat.vbs
- Size
  
  2KB
- MD5
  
  08ad7921ec11078118f3aeb89e177c3f
- SHA1
  
  633197ee0570ba80cfe2358bbc483b64d84e838b
- SHA256
  
  e66da8042513b237ce1be98a5291c61ade2a8ebdb87b6aeb4eb9e200b38afc53
- SHA512
  
  009fe96d10fbcd751c41b7738d7e7c2748df0f0f4c6a206c973e19d93116de5d4906568236ec904b74302d12467126b383f3980e3351dccd6f0232b211abd061
Score

1^/10
behavioral13 behavioral14

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Detected Nirsoft tools

Reads user/profile data of web browsers

UPX packed file

Blocklisted process makes network request

Checks computer location settings

Reads user/profile data of web browsers

Reads user/profile data of web browsers

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14