xmrig | 3f955e5f8b418362e0fe21f82a1a4b5f6e94abbf6cb9593384e3bdaf6756112d | Triage

Sharing

General

Target

5020890479493120.zip
Size

300KB
Sample

210628-47k4rk3nfn
MD5

c8816c0684d03585a95b9590048d7527
SHA1

29a7b6b74769403c8d96a788fbfa4a39d37d3334
SHA256

3f955e5f8b418362e0fe21f82a1a4b5f6e94abbf6cb9593384e3bdaf6756112d
SHA512

cb4b69cc1a65ce6f6161b7cdbf00708806bf4a335b3e22c166b719d16cac0b2dd06e863cd9007b06028801bba5d87df2bbb9fc5a58cc196a0b2fb84b4f0fc0b1

Score

10^/10

xmrig evasion miner persistence ransomware

Malware Config

Targets

- Target
  
  9f85b7f6182409d3731b67da09006dc99be2fc82637160e93fb2b71e13ff62c3
- Size
  
  347KB
- MD5
  
  31441b2bcb3e56815b1a2865a73d5ed8
- SHA1
  
  ff92e087b723d2b4c53316366930514b8f27b7bc
- SHA256
  
  9f85b7f6182409d3731b67da09006dc99be2fc82637160e93fb2b71e13ff62c3
- SHA512
  
  01973b6cead3f5c332e499d2281cd92a595ca2ea5eca953f4202e4e6f5892e147c329c029a324b286e9bfebfd169603342b2df660bbb58f862eea16772627ffd
Score

10^/10

xmrig evasion miner persistence ransomware
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Disables Task Manager via registry modification
  evasion
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

xmrigevasionminerpersistenceransomware

behavioral2

evasionpersistenceransomware