xmrig

General

Target

3ncrypter.m4n@gmail.com.exe
Size

1.3MB
Sample

211026-h9qqbahghj
MD5

e66f4a868b4f9af702a2998458953eec
SHA1

4dfb43cfafb536dc655b4a13d94a0bb5f2bbba29
SHA256

392a548a7ddcfdaec459e421a96e1fee183d7d73aff22ac7f744dc840f322164
SHA512

d3e8a75f0ac49b0d61b6958d38db83bb3fb19cab3c1f1a786a32ca08a51df1ce6976691ccef75c0d4816863d35e25a91706ed424f97885fbd78e927a9ff3e1ce

Score

10^/10

Malware Config

Extracted

Path

C:\$Recycle.Bin\Read-this.txt

Ransom Note

All Your Files Has Been Encrypted You Have to Pay to Get Your Files Back 1-Go to C:\ProgramData\ or in Your other Drives and send us prvkey.txt.key file 2-You can send some file little than 1mb for Decryption test to trust us But the test File should not contain valuable data 3-Payment should be with Bitcoin 4-Changing Windows without saving prvkey.txt.key file will cause permanete Data loss Our Email:3ncrypter.m4n@gmail.com in Case of no Answer:3ncryptionfile@gmail.com

Emails

Email:3ncrypter.m4n@gmail.com

Answer:3ncryptionfile@gmail.com

Targets

- Target
  
  3ncrypter.m4n@gmail.com.exe
- Size
  
  1.3MB
- MD5
  
  e66f4a868b4f9af702a2998458953eec
- SHA1
  
  4dfb43cfafb536dc655b4a13d94a0bb5f2bbba29
- SHA256
  
  392a548a7ddcfdaec459e421a96e1fee183d7d73aff22ac7f744dc840f322164
- SHA512
  
  d3e8a75f0ac49b0d61b6958d38db83bb3fb19cab3c1f1a786a32ca08a51df1ce6976691ccef75c0d4816863d35e25a91706ed424f97885fbd78e927a9ff3e1ce
Score

10^/10

xmrig evasion miner ransomware spyware stealer
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- Drops file in Drivers directory
- Modifies Windows Firewall
  evasion
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2