xmrig | f880f3e5cae429ccb498e919c45beb3a016bb3c7ec60209e1e64ba1cc193ad87 | Triage

Submit
Reports

Overview

overview

Static

static

f880f3e5ca...87.exe

windows7_x64

f880f3e5ca...87.exe

windows10-2004_x64

Sharing

General

Target

f880f3e5cae429ccb498e919c45beb3a016bb3c7ec60209e1e64ba1cc193ad87
Size

17.8MB
Sample

220516-q5wd1adab6
MD5

096b08cfe674c716bd8834c1f7fd91e5
SHA1

1fbd8d88ec2036b6402d23e6159811c07ecfb8bb
SHA256

f880f3e5cae429ccb498e919c45beb3a016bb3c7ec60209e1e64ba1cc193ad87
SHA512

bf5336c06d578b80409ffec3b58dd6c7794c247eb6b62030e9b0de7a3091b9b973de9067aa27ce415e6fff80b89be05dfbc63d10b0bd676afe1e99a66a82d51b

Score

10^/10

xmrig evasion miner persistence spyware stealer trojan upx

Static task

static1

miner upx xmrig

Behavioral task

behavioral1

Sample

f880f3e5cae429ccb498e919c45beb3a016bb3c7ec60209e1e64ba1cc193ad87.exe

Resource

win7-20220414-en

xmrig evasion miner persistence trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

f880f3e5cae429ccb498e919c45beb3a016bb3c7ec60209e1e64ba1cc193ad87.exe

Resource

win10v2004-20220414-en

xmrig evasion miner persistence spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  f880f3e5cae429ccb498e919c45beb3a016bb3c7ec60209e1e64ba1cc193ad87
- Size
  
  17.8MB
- MD5
  
  096b08cfe674c716bd8834c1f7fd91e5
- SHA1
  
  1fbd8d88ec2036b6402d23e6159811c07ecfb8bb
- SHA256
  
  f880f3e5cae429ccb498e919c45beb3a016bb3c7ec60209e1e64ba1cc193ad87
- SHA512
  
  bf5336c06d578b80409ffec3b58dd6c7794c247eb6b62030e9b0de7a3091b9b973de9067aa27ce415e6fff80b89be05dfbc63d10b0bd676afe1e99a66a82d51b
Score

10^/10

xmrig evasion miner persistence trojan spyware stealer
- UAC bypass
  evasion trojan
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner Payload
  miner
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xmrigevasionminerpersistencetrojan

behavioral2

xmrigevasionminerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy