xmrig | 6884ac9f82a44a7702c4807deec1640b66eb71f6c750dd0ca1d5d78632e626b5 | Triage

Submit
Reports

Overview

overview

Static

static

595C00BF9C...D3.exe

windows7_x64

595C00BF9C...D3.exe

windows10_x64

Sharing

General

Target

595C00BF9CA4BAA42B4490F2782CF2D3.exe
Size

1.1MB
Sample

210611-ezj8ccjy3a
MD5

595c00bf9ca4baa42b4490f2782cf2d3
SHA1

d1441cc336655f36efc3db070f84701a1f68e51a
SHA256

6884ac9f82a44a7702c4807deec1640b66eb71f6c750dd0ca1d5d78632e626b5
SHA512

aaa673adb4511d7e4ba5836f6874b047e8c2b31f86e005d46094a47626d23f97d72874307538c451541dbb44905503df2227902e9f4ccffa4d9836981abcd2e6

Score

10^/10

xmrig evasion miner

Static task

static1

Behavioral task

behavioral1

Sample

595C00BF9CA4BAA42B4490F2782CF2D3.exe

Resource

win7v20210408

xmrig evasion miner

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

595C00BF9CA4BAA42B4490F2782CF2D3.exe

Resource

win10v20210410

xmrig evasion miner

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  595C00BF9CA4BAA42B4490F2782CF2D3.exe
- Size
  
  1.1MB
- MD5
  
  595c00bf9ca4baa42b4490f2782cf2d3
- SHA1
  
  d1441cc336655f36efc3db070f84701a1f68e51a
- SHA256
  
  6884ac9f82a44a7702c4807deec1640b66eb71f6c750dd0ca1d5d78632e626b5
- SHA512
  
  aaa673adb4511d7e4ba5836f6874b047e8c2b31f86e005d46094a47626d23f97d72874307538c451541dbb44905503df2227902e9f4ccffa4d9836981abcd2e6
Score

10^/10

xmrig evasion miner
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- Disables Task Manager via registry modification
  evasion
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Drops startup file
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xmrigevasionminer

behavioral2

xmrigevasionminer

© 2018-2024

Terms | Privacy