General
-
Target
68e7a0fa9f7dbbb34bc4bad97690ea72.exe
-
Size
5.6MB
-
Sample
220504-j4zlpsdea8
-
MD5
d9079709c37a9977a75123a38cbd6660
-
SHA1
0f7af4f8fe342afc826d5b6a7ffb0c145b371c50
-
SHA256
b6a3b9630a6ed8f626b7fdc083c73a03c57923c1055314bacaa49031c5fa6ae3
-
SHA512
a6d3992a6842d4433d3ce46439b14e02de34929309263ff08d4e7a561a52210a886a146afc3579aa44c28a528fc798c6c615543a805212bc382e4e7141c842bd
Malware Config
Targets
-
-
Target
68e7a0fa9f7dbbb34bc4bad97690ea72.exe
-
Size
5.6MB
-
MD5
d9079709c37a9977a75123a38cbd6660
-
SHA1
0f7af4f8fe342afc826d5b6a7ffb0c145b371c50
-
SHA256
b6a3b9630a6ed8f626b7fdc083c73a03c57923c1055314bacaa49031c5fa6ae3
-
SHA512
a6d3992a6842d4433d3ce46439b14e02de34929309263ff08d4e7a561a52210a886a146afc3579aa44c28a528fc798c6c615543a805212bc382e4e7141c842bd
Score10/10-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
XMRig Miner Payload
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-