xmrig | 28e5812c8bff42c348a5f25a5f3d871c5b3bbda882da1009db4d25dc974bef0c | Triage

Submit
Reports

Overview

overview

Static

static

m2.dat.exe

windows7_x64

m2.dat.exe

windows10_x64

Sharing

General

Target

m2.dat
Size

3.4MB
Sample

211201-wq4dyshgg7
MD5

fcfc0feed527d188d6b2ed3445758511
SHA1

b4198d332b59b303e2dc5df717f2cf408b308f28
SHA256

28e5812c8bff42c348a5f25a5f3d871c5b3bbda882da1009db4d25dc974bef0c
SHA512

af053c75e89e18573161dcd1fcabc3b08998874c5e810bc15bb2a0e5ab0254d06b4ec6defc545fc9dff4fcb94529eb9ea7610ad63233e5d6e191b232c502d3c5

Score

10^/10

xmrig evasion miner

Static task

static1

Behavioral task

behavioral1

Sample

m2.dat.exe

Resource

win7-en-20211014

xmrig evasion miner

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

m2.dat.exe

Resource

win10-en-20211104

xmrig evasion miner

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://k2ygoods.ydns.eu/power.txt

Targets

- Target
  
  m2.dat
- Size
  
  3.4MB
- MD5
  
  fcfc0feed527d188d6b2ed3445758511
- SHA1
  
  b4198d332b59b303e2dc5df717f2cf408b308f28
- SHA256
  
  28e5812c8bff42c348a5f25a5f3d871c5b3bbda882da1009db4d25dc974bef0c
- SHA512
  
  af053c75e89e18573161dcd1fcabc3b08998874c5e810bc15bb2a0e5ab0254d06b4ec6defc545fc9dff4fcb94529eb9ea7610ad63233e5d6e191b232c502d3c5
Score

10^/10

xmrig evasion miner
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner Payload
  miner
- Blocklisted process makes network request
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Stops running service(s)
  evasion
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Persistence

Modify Existing Service

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Impair Defenses

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Tasks

static1

behavioral1

xmrigevasionminer

behavioral2

xmrigevasionminer

© 2018-2024

Terms | Privacy