xmrig | 5f4ede132e665f92d6dd56ce3a2a7425af122167756ba92c25e3cb8274f6c1f8 | Triage

Submit
Reports

Overview

overview

Static

static

1.ps1

windows7_x64

1.ps1

windows10_x64

Sharing

General

Target

1.ps1
Size

11KB
Sample

210702-5cpbbxw8vn
MD5

605e35c8a42df9b2e84767506fd7a058
SHA1

943b33be24495a540159230d5e1cda39c0912357
SHA256

5f4ede132e665f92d6dd56ce3a2a7425af122167756ba92c25e3cb8274f6c1f8
SHA512

a639e70c454070788f30b6df7d45ab24b7513333587a74ef6a648fa28c8104d9b7377b5fb78cf35c357f8d22796dfec198fd5d6f3e90667fe3d2269b7192b13a

Score

10^/10

xmrig evasion miner trojan

Static task

static1

Behavioral task

behavioral1

Sample

1.ps1

Resource

win7v20210408

xmrig evasion miner trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

1.ps1

Resource

win10v20210410

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://t.hwqloan.com

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://t.ouler.cc

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://t.ntele.net

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://t.jusanrihua.com

Targets

- Target
  
  1.ps1
- Size
  
  11KB
- MD5
  
  605e35c8a42df9b2e84767506fd7a058
- SHA1
  
  943b33be24495a540159230d5e1cda39c0912357
- SHA256
  
  5f4ede132e665f92d6dd56ce3a2a7425af122167756ba92c25e3cb8274f6c1f8
- SHA512
  
  a639e70c454070788f30b6df7d45ab24b7513333587a74ef6a648fa28c8104d9b7377b5fb78cf35c357f8d22796dfec198fd5d6f3e90667fe3d2269b7192b13a
Score

10^/10

xmrig evasion miner trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Modifies security service
  evasion
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner Payload
  miner
- Blocklisted process makes network request
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Stops running service(s)
  evasion
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Command-Line Interface

Persistence

Modify Existing Service

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Disabling Security Tools

Impair Defenses

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Tasks

static1

behavioral1

xmrigevasionminertrojan

behavioral2

© 2018-2024

Terms | Privacy