xmrig | 8b6fd0653c28ed05dc0a723873c11c42eff9bf4ca6b4b2b6f319675114b932df | Triage

Submit
Reports

Overview

overview

Static

static

8b6fd0653c...df.exe

windows7_x64

8b6fd0653c...df.exe

windows10_x64

Sharing

General

Target

8b6fd0653c28ed05dc0a723873c11c42eff9bf4ca6b4b2b6f319675114b932df
Size

1.5MB
Sample

210504-mpdzqqahp6
MD5

bdde07f243bc6ea569222443ff581d51
SHA1

41ebd57bcf0083b34221c0e7a16600c95f68fdac
SHA256

8b6fd0653c28ed05dc0a723873c11c42eff9bf4ca6b4b2b6f319675114b932df
SHA512

4f0a5fee3bb435abef8201fe613b85c8f29ae579a5689eb119ed5f06c917816c2a9e9c19c6f6a165bef4d93b72ebe9e2ab722da308fa3e49fb52b02eb3d1432e

Score

10^/10

xmrig evasion miner persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

8b6fd0653c28ed05dc0a723873c11c42eff9bf4ca6b4b2b6f319675114b932df.exe

Resource

win7v20210408

xmrig evasion miner persistence spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

8b6fd0653c28ed05dc0a723873c11c42eff9bf4ca6b4b2b6f319675114b932df.exe

Resource

win10v20210410

xmrig evasion miner persistence spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  8b6fd0653c28ed05dc0a723873c11c42eff9bf4ca6b4b2b6f319675114b932df
- Size
  
  1.5MB
- MD5
  
  bdde07f243bc6ea569222443ff581d51
- SHA1
  
  41ebd57bcf0083b34221c0e7a16600c95f68fdac
- SHA256
  
  8b6fd0653c28ed05dc0a723873c11c42eff9bf4ca6b4b2b6f319675114b932df
- SHA512
  
  4f0a5fee3bb435abef8201fe613b85c8f29ae579a5689eb119ed5f06c917816c2a9e9c19c6f6a165bef4d93b72ebe9e2ab722da308fa3e49fb52b02eb3d1432e
Score

10^/10

xmrig evasion miner persistence spyware stealer
- Modifies system executable filetype association
  persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Change Default File Association

Hidden Files and Directories

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Hidden Files and Directories

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xmrigevasionminerpersistencespywarestealer

behavioral2

xmrigevasionminerpersistencespywarestealer

© 2018-2024

Terms | Privacy