xmrig | d28e9540401428e9fbcfe7a34b5dd21768c1208c0a8466d06e25d3dce12da1ab | Triage

Submit
Reports

Overview

overview

Static

static

Cleaner.exe

windows7_x64

Cleaner.exe

windows10-2004_x64

Sharing

General

Target

a00eadb0f2e3f60cbb65a83524faf46c
Size

2.3MB
Sample

220422-m8j9csgdhq
MD5

a00eadb0f2e3f60cbb65a83524faf46c
SHA1

4b05ee08ecff3dc1b8a2b82b1fa208642616a00f
SHA256

d28e9540401428e9fbcfe7a34b5dd21768c1208c0a8466d06e25d3dce12da1ab
SHA512

58b07c32ad33f497cd287c3a05850c88106407d40679320688f289d25352ec73081fbb044a2ad191bc9955a1e9893cd34b23a3e4875c96876fff64b869fdfaf1

Score

10^/10

xmrig discovery evasion exploit miner

Static task

static1

Behavioral task

behavioral1

Sample

Cleaner.exe

Resource

win7-20220414-en

xmrig discovery evasion exploit miner

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Cleaner.exe

Resource

win10v2004-20220414-en

xmrig discovery evasion exploit miner

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Cleaner.exe
- Size
  
  2.3MB
- MD5
  
  20e46ebb79a42cf493dd3ad6129ba5ee
- SHA1
  
  84adc64bf4f3e7d886d6502292b23d57d26f8272
- SHA256
  
  28432c6b761d9a0d6d3a80cbeda9b6f745cf55b5a2c234737afe493d1ff11158
- SHA512
  
  4944f8a8f3eeb4321f59e295946724aab209ea42189a754334d0e10b88a8a5fe0842ec1e05f54fba874808305d9f11c8495fe776800dc8dd750389194ab3d7c8
Score

10^/10

xmrig discovery evasion exploit miner
- Modifies security service
  evasion
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner Payload
  miner
- Executes dropped EXE
- Possible privilege escalation attempt
  exploit
- Stops running service(s)
  evasion
- Deletes itself
- Loads dropped DLL
- Modifies file permissions
  discovery
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Impair Defenses

File Permissions Modification

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Tasks

static1

behavioral1

xmrigdiscoveryevasionexploitminer

behavioral2

xmrigdiscoveryevasionexploitminer

© 2018-2024

Terms | Privacy