xmrig | 353086a213c6868d07ef24f82ae4786d2f4a1af67530e925a7cf53a49ea3964f | Triage

Submit
Reports

Overview

overview

Static

static

353086a213...4f.exe

windows7_x64

353086a213...4f.exe

windows10_x64

8

Resubmissions

07-03-2021 16:10

210307-5g64hjpzee 10

07-03-2021 16:07

210307-msarad9kb6 10

02-03-2021 13:27

210302-mcgd9mvges 10

Sharing

General

Target

353086a213c6868d07ef24f82ae4786d2f4a1af67530e925a7cf53a49ea3964f
Size

1.3MB
Sample

210302-mcgd9mvges
MD5

1305df0e5a017ec3ce66a83bd631428e
SHA1

b38535cedd5d539a1d91a335fe306f5a0dccbfdb
SHA256

353086a213c6868d07ef24f82ae4786d2f4a1af67530e925a7cf53a49ea3964f
SHA512

fc693e8b04230a825a4f79ee797845f00a272530d77e3d5191c469a2ddbbc50e64de4b13cf8b6fba70922224b4b5ca86720f6fc0c88a206f10f326d10aaaa0fe

Score

10^/10

xmrig evasion miner ransomware spyware

Static task

static1

Behavioral task

behavioral1

Sample

353086a213c6868d07ef24f82ae4786d2f4a1af67530e925a7cf53a49ea3964f.exe

Resource

win7v20201028

xmrig evasion miner ransomware spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

353086a213c6868d07ef24f82ae4786d2f4a1af67530e925a7cf53a49ea3964f.exe

Resource

win10v20201028

evasion spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  353086a213c6868d07ef24f82ae4786d2f4a1af67530e925a7cf53a49ea3964f
- Size
  
  1.3MB
- MD5
  
  1305df0e5a017ec3ce66a83bd631428e
- SHA1
  
  b38535cedd5d539a1d91a335fe306f5a0dccbfdb
- SHA256
  
  353086a213c6868d07ef24f82ae4786d2f4a1af67530e925a7cf53a49ea3964f
- SHA512
  
  fc693e8b04230a825a4f79ee797845f00a272530d77e3d5191c469a2ddbbc50e64de4b13cf8b6fba70922224b4b5ca86720f6fc0c88a206f10f326d10aaaa0fe
Score

10^/10

xmrig evasion miner ransomware spyware
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- Disables Task Manager via registry modification
  evasion
- Modifies Windows Firewall
  evasion
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Drops desktop.ini file(s)
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xmrigevasionminerransomwarespyware

behavioral2

© 2018-2024

Terms | Privacy