xmrig | cbc85816ce4d841628d343113b3ae6843402062835a9da85da1064f58e840517 | Triage

Submit
Reports

Overview

overview

Static

static

csrss.exe

windows7_x64

csrss.exe

windows10_x64

Sharing

General

Target

csrss.exe
Size

2.9MB
Sample

211201-yez89sfchq
MD5

62e98ca6b2bf484e6fbbc537fd49167a
SHA1

b8fbfaaeadb02dde6461132bf63a9faa4a89987e
SHA256

cbc85816ce4d841628d343113b3ae6843402062835a9da85da1064f58e840517
SHA512

684cd2a043b71b288a515a8df26e4f374afcec9de9cdb6d80068e24f6eeea7adf9c141e6df172ec4cb2a09edbf3da2a9e0120ff8a086800c52f5c7cc998799d8

Score

10^/10

xmrig evasion miner suricata

Static task

static1

Behavioral task

behavioral1

Sample

csrss.exe

Resource

win7-en-20211014

xmrig evasion miner suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

csrss.exe

Resource

win10-en-20211104

xmrig evasion miner suricata

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://k2ygoods.ydns.eu/power.txt

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://2652435.f3322.org/power.txt

Targets

- Target
  
  csrss.exe
- Size
  
  2.9MB
- MD5
  
  62e98ca6b2bf484e6fbbc537fd49167a
- SHA1
  
  b8fbfaaeadb02dde6461132bf63a9faa4a89987e
- SHA256
  
  cbc85816ce4d841628d343113b3ae6843402062835a9da85da1064f58e840517
- SHA512
  
  684cd2a043b71b288a515a8df26e4f374afcec9de9cdb6d80068e24f6eeea7adf9c141e6df172ec4cb2a09edbf3da2a9e0120ff8a086800c52f5c7cc998799d8
Score

10^/10

xmrig evasion miner suricata
- suricata: ET MALWARE Downloaded Script Disables Firewall/Antivirus
  suricata: ET MALWARE Downloaded Script Disables Firewall/Antivirus
  suricata
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner Payload
  miner
- Blocklisted process makes network request
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Stops running service(s)
  evasion
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Command-Line Interface

Persistence

Modify Existing Service

Hidden Files and Directories

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Hidden Files and Directories

Impair Defenses

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Tasks

static1

behavioral1

xmrigevasionminersuricata

behavioral2

xmrigevasionminersuricata

© 2018-2024

Terms | Privacy