xmrig | 355d63445d88a149580b8fd8e1e0fb4880561df601749683b86f2d6dbea12f65 | Triage

Submit
Reports

Overview

overview

Static

static

355d63445d...65.exe

windows7_x64

355d63445d...65.exe

windows10_x64

Sharing

General

Target

355d63445d88a149580b8fd8e1e0fb4880561df601749683b86f2d6dbea12f65
Size

1.7MB
Sample

210516-avpzxf9enj
MD5

e6703b7f7fe55988a33baf75b7ccbc9e
SHA1

858337941efaa33dd18f589bd641633e66f2691f
SHA256

355d63445d88a149580b8fd8e1e0fb4880561df601749683b86f2d6dbea12f65
SHA512

3a1881087a11dfe16d80a8fd0746df631da3067059f37f396f26be754e968cbef53fd4f791fdfbda3f0e9813cf790e4f3c3aacc84d2b4803c674455e528c3a84

Score

10^/10

xmrig adware evasion miner persistence stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

355d63445d88a149580b8fd8e1e0fb4880561df601749683b86f2d6dbea12f65.exe

Resource

win7v20210410

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

355d63445d88a149580b8fd8e1e0fb4880561df601749683b86f2d6dbea12f65.exe

Resource

win10v20210410

xmrig adware evasion miner persistence stealer trojan upx

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  355d63445d88a149580b8fd8e1e0fb4880561df601749683b86f2d6dbea12f65
- Size
  
  1.7MB
- MD5
  
  e6703b7f7fe55988a33baf75b7ccbc9e
- SHA1
  
  858337941efaa33dd18f589bd641633e66f2691f
- SHA256
  
  355d63445d88a149580b8fd8e1e0fb4880561df601749683b86f2d6dbea12f65
- SHA512
  
  3a1881087a11dfe16d80a8fd0746df631da3067059f37f396f26be754e968cbef53fd4f791fdfbda3f0e9813cf790e4f3c3aacc84d2b4803c674455e528c3a84
Score

10^/10

xmrig miner adware evasion persistence stealer trojan upx
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

xmrigadwareevasionminerpersistencestealertrojanupx

© 2018-2024

Terms | Privacy