xmrig | 8c5b1765be823aed40005938ffe187b65695022920b7f2908ab36fa823379d71 | Triage

Submit
Reports

Overview

overview

Static

static

8C5B1765BE...7F.exe

windows7_x64

8

8C5B1765BE...7F.exe

windows10_x64

Sharing

General

Target

8C5B1765BE823AED40005938FFE187B65695022920B7F.exe
Size

1.3MB
Sample

210625-p39ljg93sx
MD5

5ba6b57de0f7a435cc0c812e08edd466
SHA1

7a8d5b48c912d622864f601e04344d15841ff52d
SHA256

8c5b1765be823aed40005938ffe187b65695022920b7f2908ab36fa823379d71
SHA512

5be2415505e8a811a0904bac36a02d8a22c48eb2d4e3d0bce3290bc10630901827cf3d4c9e8d8199e9264f50dfc04412cc7496feadb1e8f62356ddf7bb4b96aa

Score

10^/10

xmrig miner spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

8C5B1765BE823AED40005938FFE187B65695022920B7F.exe

Resource

win7v20210410

spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

8C5B1765BE823AED40005938FFE187B65695022920B7F.exe

Resource

win10v20210408

xmrig miner spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  8C5B1765BE823AED40005938FFE187B65695022920B7F.exe
- Size
  
  1.3MB
- MD5
  
  5ba6b57de0f7a435cc0c812e08edd466
- SHA1
  
  7a8d5b48c912d622864f601e04344d15841ff52d
- SHA256
  
  8c5b1765be823aed40005938ffe187b65695022920b7f2908ab36fa823379d71
- SHA512
  
  5be2415505e8a811a0904bac36a02d8a22c48eb2d4e3d0bce3290bc10630901827cf3d4c9e8d8199e9264f50dfc04412cc7496feadb1e8f62356ddf7bb4b96aa
Score

10^/10

spyware stealer xmrig miner
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

xmrigminerspywarestealer

© 2018-2024

Terms | Privacy