xmrig | d4f71f1933aba41e003d363321a199fb262d27a8c2a42ff3aaa61e28a38ab1be | Triage

Submit
Reports

Overview

overview

Static

static

d4f71f1933...be.exe

windows7_x64

d4f71f1933...be.exe

windows10-2004_x64

Sharing

General

Target

d4f71f1933aba41e003d363321a199fb262d27a8c2a42ff3aaa61e28a38ab1be
Size

12.8MB
Sample

220516-q57r2adab8
MD5

e293f7a69f4b687ff718897087b594cb
SHA1

97bc9ce0fdb3609e8ea9c4d4ee50c5aa1d7f739e
SHA256

d4f71f1933aba41e003d363321a199fb262d27a8c2a42ff3aaa61e28a38ab1be
SHA512

71b54b2351739b63b8c5449ec2f7ee1848402d7fb0a7358e907667744fef1d455320cf7199e0447fa40bacccc2e6d593ae87dcb14fd8bf5d8448aa56dcd9030e

Score

10^/10

xmrig evasion miner persistence spyware stealer trojan upx

Static task

static1

miner upx xmrig

Behavioral task

behavioral1

Sample

d4f71f1933aba41e003d363321a199fb262d27a8c2a42ff3aaa61e28a38ab1be.exe

Resource

win7-20220414-en

xmrig evasion miner persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

d4f71f1933aba41e003d363321a199fb262d27a8c2a42ff3aaa61e28a38ab1be.exe

Resource

win10v2004-20220414-en

xmrig evasion miner persistence trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  d4f71f1933aba41e003d363321a199fb262d27a8c2a42ff3aaa61e28a38ab1be
- Size
  
  12.8MB
- MD5
  
  e293f7a69f4b687ff718897087b594cb
- SHA1
  
  97bc9ce0fdb3609e8ea9c4d4ee50c5aa1d7f739e
- SHA256
  
  d4f71f1933aba41e003d363321a199fb262d27a8c2a42ff3aaa61e28a38ab1be
- SHA512
  
  71b54b2351739b63b8c5449ec2f7ee1848402d7fb0a7358e907667744fef1d455320cf7199e0447fa40bacccc2e6d593ae87dcb14fd8bf5d8448aa56dcd9030e
Score

10^/10

xmrig evasion miner persistence spyware stealer trojan
- UAC bypass
  evasion trojan
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner Payload
  miner
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xmrigevasionminerpersistencespywarestealertrojan

behavioral2

xmrigevasionminerpersistencetrojan

© 2018-2024

Terms | Privacy