xmrig | 30899cd09dd5df4bfe5242ef5ff17f353ce1fd07a8c762702c1eb4e2ba8bfba1 | Triage

Submit
Reports

Overview

overview

Static

static

222.bat

windows7_x64

222.bat

windows10_x64

Resubmissions

16-10-2021 08:50

211016-krydjscfbj 10

16-10-2021 06:51

211016-hmx6wabgb9 10

Sharing

General

Target

222.bat
Size

89B
Sample

211016-krydjscfbj
MD5

75a4daa4b7e656ded55a6a7865342d04
SHA1

8e52d1f4dfa6bd9501ba89855b44059bf92f699e
SHA256

30899cd09dd5df4bfe5242ef5ff17f353ce1fd07a8c762702c1eb4e2ba8bfba1
SHA512

16fafec07a8ebed3d602c6af50323a2c8e0f784f4d8ccd172d78d935cb7e8a2294a51c02999a04e53efdaf290a5de687cb7654d67f38590eee392431bd7c2334

Score

10^/10

xmrig evasion miner persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

222.bat

Resource

win7-en-20210920

xmrig evasion miner persistence upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

222.bat

Resource

win10-en-20211014

xmrig evasion miner persistence upx

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://cat.xiaoshabi.nl/networks.ps1

Targets

- Target
  
  222.bat
- Size
  
  89B
- MD5
  
  75a4daa4b7e656ded55a6a7865342d04
- SHA1
  
  8e52d1f4dfa6bd9501ba89855b44059bf92f699e
- SHA256
  
  30899cd09dd5df4bfe5242ef5ff17f353ce1fd07a8c762702c1eb4e2ba8bfba1
- SHA512
  
  16fafec07a8ebed3d602c6af50323a2c8e0f784f4d8ccd172d78d935cb7e8a2294a51c02999a04e53efdaf290a5de687cb7654d67f38590eee392431bd7c2334
Score

10^/10

xmrig evasion miner persistence upx
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner Payload
  miner
- Blocklisted process makes network request
- Executes dropped EXE
- Modifies AppInit DLL entries
  persistence
- Sets DLL path for service in the registry
  persistence
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Stops running service(s)
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Command-Line Interface

Persistence

Registry Run Keys / Startup Folder

Hidden Files and Directories

Modify Existing Service

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Hidden Files and Directories

Impair Defenses

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Tasks

static1

behavioral1

xmrigevasionminerpersistenceupx

behavioral2

xmrigevasionminerpersistenceupx

© 2018-2024

Terms | Privacy