xmrig | d5752df1ad7faf6f649354eba99da7f28ba2814a392f4d5362cf7ca911a909b6 | Triage

Submit
Reports

Overview

overview

Static

static

Cleaner.exe

windows7_x64

Cleaner.exe

windows10-2004_x64

Sharing

General

Target

Cleaner.zip
Size

2.4MB
Sample

220506-lpbx7scdfk
MD5

103ba5982aa617e31c9dbe502c57d920
SHA1

316a8ffb7507ddc17c133598c804409890cd5e01
SHA256

d5752df1ad7faf6f649354eba99da7f28ba2814a392f4d5362cf7ca911a909b6
SHA512

abd618071957858c29b63f78c8e39cdd7c9610fc8b1a918a25c725fe660dad1277d3aa2a044f4ebd8312d00b64177dd4bd762b82b31e5d61eb4efc909d04f34f

Score

10^/10

xmrig discovery evasion exploit miner

Static task

static1

Behavioral task

behavioral1

Sample

Cleaner.exe

Resource

win7-20220414-en

xmrig discovery evasion exploit miner

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Cleaner.exe

Resource

win10v2004-20220414-en

xmrig discovery evasion exploit miner

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Cleaner.exe
- Size
  
  2.5MB
- MD5
  
  dbd1ed5d49db4a7042a7972e31e062bc
- SHA1
  
  f792cf6a1ed7f4ed8eebce2c09416f9d8764fe30
- SHA256
  
  f691787d560b58a0b92c6aa24732112cf0a8f57dd813aa1f3101d0fa73925be6
- SHA512
  
  6e72f161108640fbe9ef312131f6ca443c78167b5db39e34f63c89bc77771205f8c25f145684db38c36569de9b1f524ab69c1161636d0bbd6cc098e2c4a35cb8
Score

10^/10

xmrig discovery evasion exploit miner
- Modifies security service
  evasion
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner Payload
  miner
- Executes dropped EXE
- Possible privilege escalation attempt
  exploit
- Stops running service(s)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Modifies file permissions
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Impair Defenses

File Permissions Modification

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Service Stop

Tasks

static1

behavioral1

xmrigdiscoveryevasionexploitminer

behavioral2

xmrigdiscoveryevasionexploitminer

© 2018-2024

Terms | Privacy