xmrig | 2664ca0874468958e3819f05885a3e52ffb392ac416cb5c5618031136aa2b438 | Triage

Sharing

General

Target

2664ca0874468958e3819f05885a3e52ffb392ac416cb5c5618031136aa2b438
Size

14.9MB
Sample

210228-et5q3nvyre
MD5

b7cf157c47d8d2d7bc77ba840ca3ec62
SHA1

8b9e560998dde9b09498df6c5539b31af7ccbdb4
SHA256

2664ca0874468958e3819f05885a3e52ffb392ac416cb5c5618031136aa2b438
SHA512

cabc1d0d03d0fee9486bb1ec44786df22a24d0218f1c9b4fed909d2f81bb9c9f470b300653874e23c32bdd551f7cb5de38b6d47768bc948b5ff22bd5585f1e2d

Score

10^/10

xmrig evasion miner persistence

Malware Config

Targets

- Target
  
  2664ca0874468958e3819f05885a3e52ffb392ac416cb5c5618031136aa2b438
- Size
  
  14.9MB
- MD5
  
  b7cf157c47d8d2d7bc77ba840ca3ec62
- SHA1
  
  8b9e560998dde9b09498df6c5539b31af7ccbdb4
- SHA256
  
  2664ca0874468958e3819f05885a3e52ffb392ac416cb5c5618031136aa2b438
- SHA512
  
  cabc1d0d03d0fee9486bb1ec44786df22a24d0218f1c9b4fed909d2f81bb9c9f470b300653874e23c32bdd551f7cb5de38b6d47768bc948b5ff22bd5585f1e2d
Score

10^/10

xmrig evasion miner persistence
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xmrigevasionminerpersistence

behavioral2

xmrigevasionminerpersistence