xmrig | 39b66a47affa0edde59d74760fc17de28c0d3cbabe7469d382a721ea91b5c123 | Triage

Submit
Reports

Overview

overview

Static

static

c671c02459...2a.exe

windows7_x64

c671c02459...2a.exe

windows10-2004_x64

Sharing

General

Target

c671c024595fbae1bcb523930b41952a.bin
Size

6.7MB
Sample

220513-fndshsfedp
MD5

c671c024595fbae1bcb523930b41952a
SHA1

af16bda06ebf490087aac1e444e25017e180c7d4
SHA256

39b66a47affa0edde59d74760fc17de28c0d3cbabe7469d382a721ea91b5c123
SHA512

fb1d9e0488eb247c54b86a0fbb7f1929d6ead0de3502d44e5db701aff3b3df0d7b312939e02bb89790006ea4337dc63b973ce5a2971e132a4188d003ddc95a3b

Score

10^/10

xmrig discovery evasion exploit miner persistence suricata

Static task

static1

Behavioral task

behavioral1

Sample

c671c024595fbae1bcb523930b41952a.exe

Resource

win7-20220414-en

xmrig discovery evasion exploit miner persistence suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

c671c024595fbae1bcb523930b41952a.exe

Resource

win10v2004-20220414-en

xmrig discovery evasion exploit miner persistence suricata

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://45.81.224.130/any.exe

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://45.81.224.130/curl.exe

Targets

- Target
  
  c671c024595fbae1bcb523930b41952a.bin
- Size
  
  6.7MB
- MD5
  
  c671c024595fbae1bcb523930b41952a
- SHA1
  
  af16bda06ebf490087aac1e444e25017e180c7d4
- SHA256
  
  39b66a47affa0edde59d74760fc17de28c0d3cbabe7469d382a721ea91b5c123
- SHA512
  
  fb1d9e0488eb247c54b86a0fbb7f1929d6ead0de3502d44e5db701aff3b3df0d7b312939e02bb89790006ea4337dc63b973ce5a2971e132a4188d003ddc95a3b
Score

10^/10

xmrig discovery evasion exploit miner persistence suricata
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner Payload
  miner
- Blocklisted process makes network request
- Creates new service(s)
  persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Possible privilege escalation attempt
  exploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Modifies file permissions
  discovery
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

New Service

Modify Existing Service

Privilege Escalation

New Service

Defense Evasion

File Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Process Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xmrigdiscoveryevasionexploitminerpersistencesuricata

behavioral2

xmrigdiscoveryevasionexploitminerpersistencesuricata

© 2018-2024

Terms | Privacy