xmrig | 91eae6dc22d761e9c2b1aeb559300897baf92f196f61d73fac31fd01637f96ab | Triage

Submit
Reports

Overview

overview

Static

static

1

91eae6dc22...ab.exe

windows7_x64

91eae6dc22...ab.exe

windows10_x64

Sharing

General

Target

91eae6dc22d761e9c2b1aeb559300897baf92f196f61d73fac31fd01637f96ab
Size

3.5MB
Sample

211210-pydpyagdh5
MD5

8e5c1e555efa573a260317b057f5ed0c
SHA1

e62c2f828baf2d62b1dab38e1b5e3bef66f1bd75
SHA256

91eae6dc22d761e9c2b1aeb559300897baf92f196f61d73fac31fd01637f96ab
SHA512

26cf922e1b9a5906de95165581dd7b1867a93f431eb020d49362614b17efa868f2a0e32f13fa0e1902c5e0e77cf50156df45b9539ff49362421823a57de04776

Score

10^/10

xmrig miner spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

91eae6dc22d761e9c2b1aeb559300897baf92f196f61d73fac31fd01637f96ab.exe

Resource

win7-en-20211208

xmrig miner spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

91eae6dc22d761e9c2b1aeb559300897baf92f196f61d73fac31fd01637f96ab.exe

Resource

win10-en-20211208

xmrig miner spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  91eae6dc22d761e9c2b1aeb559300897baf92f196f61d73fac31fd01637f96ab
- Size
  
  3.5MB
- MD5
  
  8e5c1e555efa573a260317b057f5ed0c
- SHA1
  
  e62c2f828baf2d62b1dab38e1b5e3bef66f1bd75
- SHA256
  
  91eae6dc22d761e9c2b1aeb559300897baf92f196f61d73fac31fd01637f96ab
- SHA512
  
  26cf922e1b9a5906de95165581dd7b1867a93f431eb020d49362614b17efa868f2a0e32f13fa0e1902c5e0e77cf50156df45b9539ff49362421823a57de04776
Score

10^/10

xmrig miner spyware stealer
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner Payload
  miner
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Hidden Files and Directories

Privilege Escalation

Scheduled Task

Defense Evasion

Hidden Files and Directories

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xmrigminerspywarestealer

behavioral2

xmrigminerspywarestealer

© 2018-2024

Terms | Privacy