General
Target: 68e7a0fa9f7dbbb34bc4bad97690ea72.exe
Size: 5.6MB
Sample: 220504-j4zlpsdea8
MD5: d9079709c37a9977a75123a38cbd6660
SHA1: 0f7af4f8fe342afc826d5b6a7ffb0c145b371c50
SHA256: b6a3b9630a6ed8f626b7fdc083c73a03c57923c1055314bacaa49031c5fa6ae3
SHA512: a6d3992a6842d4433d3ce46439b14e02de34929309263ff08d4e7a561a52210a886a146afc3579aa44c28a528fc798c6c615543a805212bc382e4e7141c842bd
Static task: static1
Behavioral task: behavioral1
  Sample: 68e7a0fa9f7dbbb34bc4bad97690ea72.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 68e7a0fa9f7dbbb34bc4bad97690ea72.exe
  Resource: win10v2004-20220414-en
Malware Config
Targets
Target: 68e7a0fa9f7dbbb34bc4bad97690ea72.exe
Size: 5.6MB
MD5: d9079709c37a9977a75123a38cbd6660
SHA1: 0f7af4f8fe342afc826d5b6a7ffb0c145b371c50
SHA256: b6a3b9630a6ed8f626b7fdc083c73a03c57923c1055314bacaa49031c5fa6ae3
SHA512: a6d3992a6842d4433d3ce46439b14e02de34929309263ff08d4e7a561a52210a886a146afc3579aa44c28a528fc798c6c615543a805212bc382e4e7141c842bd
Score: 10/10
Signatures:
  XMRig Miner Payload
  Executes dropped EXE
  Loads dropped DLL
  Adds Run key to start application
  Looks up external IP address via web service
    Uses a legitimate IP lookup service to find the infected system's external IP.
  Suspicious use of SetThreadContext