xmrig | 8cec146d7a7b594cf7748b35c63ea1fed2c994ef2cdbb5731f1b15d9c9fa1ee3 | Triage

Submit
Reports

Overview

overview

Static

static

7fb4bc02c3...75.exe

windows7_x64

8

7fb4bc02c3...75.exe

windows10_x64

Sharing

General

Target

7fb4bc02c317b69c178833f4af693b75.exe
Size

2.5MB
Sample

210303-vxmb67khns
MD5

7fb4bc02c317b69c178833f4af693b75
SHA1

e2eb8284141f776f6d564e22b80d70f0dfd5a6f1
SHA256

8cec146d7a7b594cf7748b35c63ea1fed2c994ef2cdbb5731f1b15d9c9fa1ee3
SHA512

4e02db238bb5a9081de6384f2e16b3c85f782b84f0f71fdbaec50abaf8b6ba60075a3f512bd67d644d4ced2410a782adcae4f9ca25232825e9e6c64212758108

Score

10^/10

xmrig discovery evasion miner spyware upx

Static task

static1

Behavioral task

behavioral1

Sample

7fb4bc02c317b69c178833f4af693b75.exe

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

7fb4bc02c317b69c178833f4af693b75.exe

Resource

win10v20201028

xmrig discovery evasion miner spyware upx

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  7fb4bc02c317b69c178833f4af693b75.exe
- Size
  
  2.5MB
- MD5
  
  7fb4bc02c317b69c178833f4af693b75
- SHA1
  
  e2eb8284141f776f6d564e22b80d70f0dfd5a6f1
- SHA256
  
  8cec146d7a7b594cf7748b35c63ea1fed2c994ef2cdbb5731f1b15d9c9fa1ee3
- SHA512
  
  4e02db238bb5a9081de6384f2e16b3c85f782b84f0f71fdbaec50abaf8b6ba60075a3f512bd67d644d4ced2410a782adcae4f9ca25232825e9e6c64212758108
Score

10^/10

spyware xmrig discovery evasion miner upx
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner Payload
  miner
- Blocklisted process makes network request
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops startup file
- Loads dropped DLL
- Modifies file permissions
  discovery
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Hidden Files and Directories

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Hidden Files and Directories

File Permissions Modification

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Query Registry

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

behavioral2

xmrigdiscoveryevasionminerspywareupx

© 2018-2024

Terms | Privacy