xmrig | a042293efe203b344a18faf8cb4611fdf0cc1c6a8d891e082c630689f2d68cd2 | Triage

Submit
Reports

Overview

overview

Static

static

sy.ps1

windows7_x64

sy.ps1

windows10_x64

Sharing

General

Target

sy.ps1
Size

6KB
Sample

211027-krhcbsbbc6
MD5

7d45b6a80c18e4febc37c55564ccee06
SHA1

8074da57c8c0ccce85ab4aac8af87855ad2738b1
SHA256

a042293efe203b344a18faf8cb4611fdf0cc1c6a8d891e082c630689f2d68cd2
SHA512

2d95bfd89f3764cd03d8dee2c30ca5099a3cb4d80d819dec5d8b3cbc4989b328d2a8a3ce0956c822d5c51b4591f60ec600193d20c7d3cb0e0675caa254ddf306

Score

10^/10

xmrig evasion miner

Static task

static1

Behavioral task

behavioral1

Sample

sy.ps1

Resource

win7-en-20210920

xmrig evasion miner

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

sy.ps1

Resource

win10-en-20210920

xmrig evasion miner

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  sy.ps1
- Size
  
  6KB
- MD5
  
  7d45b6a80c18e4febc37c55564ccee06
- SHA1
  
  8074da57c8c0ccce85ab4aac8af87855ad2738b1
- SHA256
  
  a042293efe203b344a18faf8cb4611fdf0cc1c6a8d891e082c630689f2d68cd2
- SHA512
  
  2d95bfd89f3764cd03d8dee2c30ca5099a3cb4d80d819dec5d8b3cbc4989b328d2a8a3ce0956c822d5c51b4591f60ec600193d20c7d3cb0e0675caa254ddf306
Score

10^/10

xmrig evasion miner
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner Payload
  miner
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Hidden Files and Directories

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Hidden Files and Directories

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xmrigevasionminer

behavioral2

xmrigevasionminer

© 2018-2024

Terms | Privacy