xmrig | ddcfbba52f543dde3ebc9f9f8ec0f56671b19a00b492b1bdceb4524d5253552f | Triage

Submit
Reports

Overview

overview

Static

static

ddcfbba52f...2f.exe

windows7_x64

ddcfbba52f...2f.exe

windows10-2004_x64

Sharing

General

Target

ddcfbba52f543dde3ebc9f9f8ec0f56671b19a00b492b1bdceb4524d5253552f
Size

22.0MB
Sample

220516-q5587sfehq
MD5

e4befcc350184261d26c46be9a9dfd63
SHA1

68a505f4faac140551e8b79337b28e002a1d1ccc
SHA256

ddcfbba52f543dde3ebc9f9f8ec0f56671b19a00b492b1bdceb4524d5253552f
SHA512

b8e23b4f89c962992fdb13852505a12665f277bfa2382122422fac66652934dcf54b7426880639903320acd7266246e059378defc3619d86cb7e151b10e3c3bd

Score

10^/10

xmrig evasion miner persistence trojan upx

Static task

static1

miner upx xmrig

Behavioral task

behavioral1

Sample

ddcfbba52f543dde3ebc9f9f8ec0f56671b19a00b492b1bdceb4524d5253552f.exe

Resource

win7-20220414-en

xmrig evasion miner persistence trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

ddcfbba52f543dde3ebc9f9f8ec0f56671b19a00b492b1bdceb4524d5253552f.exe

Resource

win10v2004-20220414-en

xmrig evasion miner persistence trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  ddcfbba52f543dde3ebc9f9f8ec0f56671b19a00b492b1bdceb4524d5253552f
- Size
  
  22.0MB
- MD5
  
  e4befcc350184261d26c46be9a9dfd63
- SHA1
  
  68a505f4faac140551e8b79337b28e002a1d1ccc
- SHA256
  
  ddcfbba52f543dde3ebc9f9f8ec0f56671b19a00b492b1bdceb4524d5253552f
- SHA512
  
  b8e23b4f89c962992fdb13852505a12665f277bfa2382122422fac66652934dcf54b7426880639903320acd7266246e059378defc3619d86cb7e151b10e3c3bd
Score

10^/10

xmrig evasion miner persistence trojan
- UAC bypass
  evasion trojan
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner Payload
  miner
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xmrigevasionminerpersistencetrojan

behavioral2

xmrigevasionminerpersistencetrojan

© 2018-2024

Terms | Privacy