xmrig | f4594ae4012521944a46ee1add8f70f16db1c8c415e259640b19d6da10b26651 | Triage

Submit
Reports

Overview

overview

Static

static

f4594ae401...51.exe

windows7_x64

f4594ae401...51.exe

windows10_x64

Sharing

General

Target

f4594ae4012521944a46ee1add8f70f16db1c8c415e259640b19d6da10b26651
Size

6.3MB
Sample

210301-4sv7hr3wm6
MD5

362127796f414fd034ec53cff073728c
SHA1

03de6175bf62645dbb2d467df2af217a01c7767f
SHA256

f4594ae4012521944a46ee1add8f70f16db1c8c415e259640b19d6da10b26651
SHA512

94a16867ab82661b3cee547a514df6402e9a3d1f53e78e9c1c3c2a16ec45b932556b2abc84b2b331f99fcca54a8e087e2d9569ee5965e24b55230ae2bd398f7d

Score

10^/10

xmrig miner persistence spyware vmprotect

Static task

static1

Behavioral task

behavioral1

Sample

f4594ae4012521944a46ee1add8f70f16db1c8c415e259640b19d6da10b26651.exe

Resource

win7v20201028

xmrig miner persistence spyware vmprotect

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

f4594ae4012521944a46ee1add8f70f16db1c8c415e259640b19d6da10b26651.exe

Resource

win10v20201028

xmrig miner persistence spyware vmprotect

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  f4594ae4012521944a46ee1add8f70f16db1c8c415e259640b19d6da10b26651
- Size
  
  6.3MB
- MD5
  
  362127796f414fd034ec53cff073728c
- SHA1
  
  03de6175bf62645dbb2d467df2af217a01c7767f
- SHA256
  
  f4594ae4012521944a46ee1add8f70f16db1c8c415e259640b19d6da10b26651
- SHA512
  
  94a16867ab82661b3cee547a514df6402e9a3d1f53e78e9c1c3c2a16ec45b932556b2abc84b2b331f99fcca54a8e087e2d9569ee5965e24b55230ae2bd398f7d
Score

10^/10

xmrig miner persistence spyware vmprotect
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner Payload
  miner
- Executes dropped EXE
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Cryptocurrency Miner
  Makes network request to known mining pool URL.
  miner
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xmrigminerpersistencespywarevmprotect

behavioral2

xmrigminerpersistencespywarevmprotect

© 2018-2024

Terms | Privacy