xmrig | fa2f8e5c8a4ec948a16627e874ba31e42812b78bc0e2766e5314cc77cab7cc28 | Triage

Submit
Reports

Overview

overview

Static

static

1

fa2f8e5c8a...28.exe

windows7_x64

fa2f8e5c8a...28.exe

windows10_x64

Sharing

General

Target

fa2f8e5c8a4ec948a16627e874ba31e42812b78bc0e2766e5314cc77cab7cc28
Size

14.6MB
Sample

210504-veykae1kd6
MD5

fd5f567c89f16417f72f449968d0f77a
SHA1

f29caf15ee42562de84fcba50ff0149e07e91991
SHA256

fa2f8e5c8a4ec948a16627e874ba31e42812b78bc0e2766e5314cc77cab7cc28
SHA512

75d0b1d4559799d59bc877f7f24b4269fd7437e68f317de46326045b2e7440cd61638c4732819221077fdeb487f0177ea74f0921bfb981503900281ca8966d50

Score

10^/10

xmrig discovery evasion miner persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

fa2f8e5c8a4ec948a16627e874ba31e42812b78bc0e2766e5314cc77cab7cc28.exe

Resource

win7v20210410

xmrig discovery evasion miner persistence upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

fa2f8e5c8a4ec948a16627e874ba31e42812b78bc0e2766e5314cc77cab7cc28.exe

Resource

win10v20210410

discovery evasion persistence upx

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  fa2f8e5c8a4ec948a16627e874ba31e42812b78bc0e2766e5314cc77cab7cc28
- Size
  
  14.6MB
- MD5
  
  fd5f567c89f16417f72f449968d0f77a
- SHA1
  
  f29caf15ee42562de84fcba50ff0149e07e91991
- SHA256
  
  fa2f8e5c8a4ec948a16627e874ba31e42812b78bc0e2766e5314cc77cab7cc28
- SHA512
  
  75d0b1d4559799d59bc877f7f24b4269fd7437e68f317de46326045b2e7440cd61638c4732819221077fdeb487f0177ea74f0921bfb981503900281ca8966d50
Score

10^/10

xmrig discovery evasion miner persistence upx
- Suspicious use of NtCreateUserProcessOtherParentProcess
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Sets file execution options in registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xmrigdiscoveryevasionminerpersistenceupx

behavioral2

discoveryevasionpersistenceupx

© 2018-2024

Terms | Privacy