xmrig | 5bdb6537aeb8f84e02475e8c55ef2bc1749bd89537e53339e30bd548d68e0479 | Triage

Submit
Reports

Overview

overview

Static

static

5bdb6537ae...79.exe

windows7_x64

5bdb6537ae...79.exe

windows10_x64

Sharing

General

Target

5bdb6537aeb8f84e02475e8c55ef2bc1749bd89537e53339e30bd548d68e0479
Size

13.9MB
Sample

210504-t7f4jhty4x
MD5

ec2c59967ea1ba9fdbeaa79e41ee0c94
SHA1

9ff11413e265839c6994d473146ae5cf1c3cf256
SHA256

5bdb6537aeb8f84e02475e8c55ef2bc1749bd89537e53339e30bd548d68e0479
SHA512

3bf9d5e84d71f3f00425dd4a47e3a1838866d2d887490484610322a562849120d90e173051de6fbe0f8c72062232a42038ded2d28922cb804c654a00c5fbbe94

Score

10^/10

xmrig evasion miner persistence spyware stealer trojan upx

Static task

static1

miner upx xmrig

Behavioral task

behavioral1

Sample

5bdb6537aeb8f84e02475e8c55ef2bc1749bd89537e53339e30bd548d68e0479.exe

Resource

win7v20210408

xmrig evasion miner persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

5bdb6537aeb8f84e02475e8c55ef2bc1749bd89537e53339e30bd548d68e0479.exe

Resource

win10v20210408

xmrig evasion miner persistence spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  5bdb6537aeb8f84e02475e8c55ef2bc1749bd89537e53339e30bd548d68e0479
- Size
  
  13.9MB
- MD5
  
  ec2c59967ea1ba9fdbeaa79e41ee0c94
- SHA1
  
  9ff11413e265839c6994d473146ae5cf1c3cf256
- SHA256
  
  5bdb6537aeb8f84e02475e8c55ef2bc1749bd89537e53339e30bd548d68e0479
- SHA512
  
  3bf9d5e84d71f3f00425dd4a47e3a1838866d2d887490484610322a562849120d90e173051de6fbe0f8c72062232a42038ded2d28922cb804c654a00c5fbbe94
Score

10^/10

xmrig evasion miner persistence spyware stealer trojan
- UAC bypass
  evasion trojan
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner Payload
  miner
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xmrigevasionminerpersistencespywarestealertrojan

behavioral2

xmrigevasionminerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy