xmrig | 43a76564e07435ac07f3d3d3ab49885bd0bf8562d0c14a87fc2d536d4c94b62b | Triage

Submit
Reports

Overview

overview

Static

static

1

43a76564e0...2b.exe

windows7_x64

43a76564e0...2b.exe

windows10_x64

Sharing

General

Target

43a76564e07435ac07f3d3d3ab49885bd0bf8562d0c14a87fc2d536d4c94b62b
Size

1.4MB
Sample

211207-j6q3cagdbp
MD5

938150f91d742c07236f8bf8c4823028
SHA1

9a375e941eb880f0f8be3d8cef2e149b74df140b
SHA256

43a76564e07435ac07f3d3d3ab49885bd0bf8562d0c14a87fc2d536d4c94b62b
SHA512

12ad34b4acbe9499e789790f6b7809846f873b148d84dae895f3989901ee2fba2af9734f47670144fb5a16067ca54e44e5f01fc49804b02dc0cb4ceb510e9c2d

Score

10^/10

xmrig miner persistence

Static task

static1

Behavioral task

behavioral1

Sample

43a76564e07435ac07f3d3d3ab49885bd0bf8562d0c14a87fc2d536d4c94b62b.exe

Resource

win7-en-20211014

xmrig miner persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

43a76564e07435ac07f3d3d3ab49885bd0bf8562d0c14a87fc2d536d4c94b62b.exe

Resource

win10-en-20211104

xmrig miner persistence

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  43a76564e07435ac07f3d3d3ab49885bd0bf8562d0c14a87fc2d536d4c94b62b
- Size
  
  1.4MB
- MD5
  
  938150f91d742c07236f8bf8c4823028
- SHA1
  
  9a375e941eb880f0f8be3d8cef2e149b74df140b
- SHA256
  
  43a76564e07435ac07f3d3d3ab49885bd0bf8562d0c14a87fc2d536d4c94b62b
- SHA512
  
  12ad34b4acbe9499e789790f6b7809846f873b148d84dae895f3989901ee2fba2af9734f47670144fb5a16067ca54e44e5f01fc49804b02dc0cb4ceb510e9c2d
Score

10^/10

xmrig miner persistence
- Modifies WinLogon for persistence
  persistence
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- Detected Stratum cryptominer command
  Looks to be attempting to contact Stratum mining pool.
  miner
- XMRig Miner Payload
  miner
- Downloads MZ/PE file
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

xmrigminerpersistence

behavioral2

xmrigminerpersistence

© 2018-2024

Terms | Privacy