xmrig | eae4d750de26b0bf5b3435812d64597bce6d855a66146335649a40c374a76391 | Triage

Submit
Reports

Overview

overview

Static

static

1

59f1e69b68...aa.exe

windows7_x64

59f1e69b68...aa.exe

windows10_x64

Resubmissions

18-04-2022 16:38

220418-t5sjwsaea7 10

19-10-2021 19:39

211019-ydcrkshcbn 10

Sharing

General

Target

5457201880793088.zip
Size

1.7MB
Sample

211019-ydcrkshcbn
MD5

187bdea56c9b016efe61a02cc4713ab6
SHA1

3ee76104bce2b030b18dc07fc5d7b6bf8f8e5ccb
SHA256

eae4d750de26b0bf5b3435812d64597bce6d855a66146335649a40c374a76391
SHA512

e4767d2f66883975f5cb90d152c09bf5e9a8727ff3409a48d2bd4f7865d152b37a87a929c0cc27e90a8396332a1e57e6c41df98ceab1c6cfe2e215bfbd648dc5

Score

10^/10

xmrig miner persistence suricata

Static task

static1

Behavioral task

behavioral1

Sample

59f1e69b68de4839c65b6e6d39ac7a272e2611ec1ed1bf73a4f455e2ca20eeaa.exe

Resource

win7-en-20210920

persistence suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

59f1e69b68de4839c65b6e6d39ac7a272e2611ec1ed1bf73a4f455e2ca20eeaa.exe

Resource

win10-en-20210920

xmrig miner persistence suricata

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  59f1e69b68de4839c65b6e6d39ac7a272e2611ec1ed1bf73a4f455e2ca20eeaa
- Size
  
  1.7MB
- MD5
  
  df11b3105df8d7c70e7b501e210e3cc3
- SHA1
  
  01ba101c4355b18ec11652a9ab6f8994279ba769
- SHA256
  
  59f1e69b68de4839c65b6e6d39ac7a272e2611ec1ed1bf73a4f455e2ca20eeaa
- SHA512
  
  7afa3a272520b9fdb2d2fcbeb43e4c53d906ab0db7732ca5bdab64d909d1ca7781d8d08bb1ec6c474b0dddc3f91d04af34368edab0ba8a3b0a48fd2bae82b9fa
Score

10^/10

persistence suricata xmrig miner
- Modifies WinLogon for persistence
  persistence
- suricata: ET MALWARE Possible Windows executable sent when remote host claims to send a Text File
  suricata: ET MALWARE Possible Windows executable sent when remote host claims to send a Text File
  suricata
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- Detected Stratum cryptominer command
  Looks to be attempting to contact Stratum mining pool.
  miner
- XMRig Miner Payload
  miner
- Downloads MZ/PE file
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

persistencesuricata

behavioral2

xmrigminerpersistencesuricata

© 2018-2024

Terms | Privacy