Overview

overview

10

Static

static

joined1.exe

windows7_x64

10

joined1.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    joined1.exe

  • Size

    81KB

  • Sample

    210714-k2lytcj5yj

  • MD5

    1ec9468cb50d54dc6ad82c03470ec19f

  • SHA1

    9efc4189409bdc83bed5434408369284edd0a7de

  • SHA256

    c1b759f6e2996a0fbcc1fa5102043e81510c8c00225ae2bc1a2d91dd11b9c283

  • SHA512

    8e3137b52a6e2f5959e2205faba02fa7dac3ffefd5276f61d6533e1b25c9c79de129897bd6c631928e2ef3658ce1c2b3915d745010edb0287bc9c5da14df9fde

Score
10/10
xmrigminer

Malware Config

Targets

    • Target

      joined1.exe

    • Size

      81KB

    • MD5

      1ec9468cb50d54dc6ad82c03470ec19f

    • SHA1

      9efc4189409bdc83bed5434408369284edd0a7de

    • SHA256

      c1b759f6e2996a0fbcc1fa5102043e81510c8c00225ae2bc1a2d91dd11b9c283

    • SHA512

      8e3137b52a6e2f5959e2205faba02fa7dac3ffefd5276f61d6533e1b25c9c79de129897bd6c631928e2ef3658ce1c2b3915d745010edb0287bc9c5da14df9fde

    Score
    10/10
    xmrigminer

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner Payload

      miner

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks