General
Target: XONE.exe
Size: 38.0MB
Sample: 240701-vrz79atdpj
MD5: 747325288a489b3c6863573f3e72104b
SHA1: 14e39695af5942d151c008b813580160604d85e3
SHA256: 7bfb4db002139d04fcf233d3384ba2c15c14e01d69d26327dc7ed918731b6194
SHA512: 0258556daf1368dd58c651df6a4fd5e028a5217282a47a63b2fbbf08e20588cab57ca578e5e288868ed00ef30de2e5a43ca099aef7431d7dcac5b5d4c5436463
SSDEEP: 786432:xy4byV7+uCOd9dFtuAJ1vyskeQ6T7tHckEz5lgYmErmRA+RlnS+kktWW8jz:xy4byV7+u5IATvJkb6PqL5ltm55NltWW
Behavioral tasks
behavioral1: Sample XONE.exe, Resource win7-20231129-en
behavioral2: Sample XONE.exe, Resource win10-20240404-en
behavioral3: Sample XONE.exe, Resource win10v2004-20240611-en
behavioral4: Sample XONE.exe, Resource win11-20240611-en
behavioral5: Sample XONE.pyc, Resource win7-20240220-en
behavioral6: Sample XONE.pyc, Resource win10-20240404-en
behavioral7: Sample XONE.pyc, Resource win10v2004-20240226-en
behavioral8: Sample XONE.pyc, Resource win11-20240611-en
Malware Config
Targets
Target: XONE.exe
Detections:
- XMRig Miner payload
- Modifies Windows Firewall
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
Target: XONE.pyc
Size: 1KB
MD5: e87c722cf6cca0b4467c93d412d373e9
SHA1: ad5378470eaaf373ea07b205990730e8f60c8082
SHA256: 03dec4d387d7267a2a5b16ae410dbfca535ac72b398e5c704e8aa467e5616cea
SHA512: fab2b97ba7a90b4c051e03d203c97dcbd324edcf0441c76e271cb1b8d72b840df4dbadcc8f7faec53a068eadb0c691057586765c815573f8750e1746e278a78b
Score: 3/10
MITRE ATT&CK Matrix (ATT&CK v13)
Execution
- Command and Scripting Interpreter (1): PowerShell (1)
- Scheduled Task/Job (1): Scheduled Task (1)
Persistence
- Create or Modify System Process (1): Windows Service (1)
- Event Triggered Execution (1): Netsh Helper DLL (1)
- Scheduled Task/Job (1): Scheduled Task (1)
Privilege Escalation
- Create or Modify System Process (1): Windows Service (1)
- Event Triggered Execution (1): Netsh Helper DLL (1)
- Scheduled Task/Job (1): Scheduled Task (1)