xmrig | eb7966388d917e0699365202de9a50848c3dbe4e4be362eacc385053309911c1 | Triage

Submit
Reports

Overview

overview

Static

static

eb7966388d...c1.exe

windows7_x64

eb7966388d...c1.exe

windows10_x64

Sharing

General

Target

eb7966388d917e0699365202de9a50848c3dbe4e4be362eacc385053309911c1
Size

1.1MB
Sample

210511-ndpq9jcw3x
MD5

e709b49637fe6417c4a0d87bae495ba1
SHA1

8b72aa4fa153b9f06d91eb83367223692b7e3720
SHA256

eb7966388d917e0699365202de9a50848c3dbe4e4be362eacc385053309911c1
SHA512

f53381207787b2c67c0708ca6605b6aded2f06fb946ab9f38dfa6c75d8289edfd84743af214256a83a16f656671d1d15c37778d3b0a2bc1a567dee75c936fbb1

Score

10^/10

xmrig evasion macro miner persistence

Static task

static1

Behavioral task

behavioral1

Sample

eb7966388d917e0699365202de9a50848c3dbe4e4be362eacc385053309911c1.exe

Resource

win7v20210410

evasion persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

eb7966388d917e0699365202de9a50848c3dbe4e4be362eacc385053309911c1.exe

Resource

win10v20210410

xmrig evasion macro miner persistence

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  eb7966388d917e0699365202de9a50848c3dbe4e4be362eacc385053309911c1
- Size
  
  1.1MB
- MD5
  
  e709b49637fe6417c4a0d87bae495ba1
- SHA1
  
  8b72aa4fa153b9f06d91eb83367223692b7e3720
- SHA256
  
  eb7966388d917e0699365202de9a50848c3dbe4e4be362eacc385053309911c1
- SHA512
  
  f53381207787b2c67c0708ca6605b6aded2f06fb946ab9f38dfa6c75d8289edfd84743af214256a83a16f656671d1d15c37778d3b0a2bc1a567dee75c936fbb1
Score

10^/10

evasion persistence xmrig macro miner
- Modifies visiblity of hidden/system files in Explorer
  evasion
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- Executes dropped EXE
- Suspicious Office macro
  Office document equipped with macros.
  macro
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Hidden Files and Directories

Modify Registry

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

xmrigevasionmacrominerpersistence

© 2018-2024

Terms | Privacy