xmrig | 0ba02f2d1a72eb0a85e55f3e40294fe888d31293d32aab9f48f234936f469af1 | Triage

Submit
Reports

Overview

overview

Static

static

0ba02f2d1a...f1.exe

windows7_x64

0ba02f2d1a...f1.exe

windows10-2004_x64

Sharing

General

Target

0ba02f2d1a72eb0a85e55f3e40294fe888d31293d32aab9f48f234936f469af1
Size

12.3MB
Sample

220516-q72c2afhcl
MD5

03462aa8cacbab7a0c342e7d2fc64b01
SHA1

0b1a2f708fd22ecc21768d92d6ca2c30e9074d36
SHA256

0ba02f2d1a72eb0a85e55f3e40294fe888d31293d32aab9f48f234936f469af1
SHA512

656bf09d92fb0e14ff9c646f80464a4f02248a962c63ed9c199fa130ab3c00b696b487106fcf7d82255e8446e52a0b4b635c1bcd90b2e2b3c4503f3d2b72f53f

Score

10^/10

xmrig evasion miner persistence trojan upx

Static task

static1

miner upx xmrig

Behavioral task

behavioral1

Sample

0ba02f2d1a72eb0a85e55f3e40294fe888d31293d32aab9f48f234936f469af1.exe

Resource

win7-20220414-en

xmrig evasion miner persistence trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

0ba02f2d1a72eb0a85e55f3e40294fe888d31293d32aab9f48f234936f469af1.exe

Resource

win10v2004-20220414-en

xmrig evasion miner persistence trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  0ba02f2d1a72eb0a85e55f3e40294fe888d31293d32aab9f48f234936f469af1
- Size
  
  12.3MB
- MD5
  
  03462aa8cacbab7a0c342e7d2fc64b01
- SHA1
  
  0b1a2f708fd22ecc21768d92d6ca2c30e9074d36
- SHA256
  
  0ba02f2d1a72eb0a85e55f3e40294fe888d31293d32aab9f48f234936f469af1
- SHA512
  
  656bf09d92fb0e14ff9c646f80464a4f02248a962c63ed9c199fa130ab3c00b696b487106fcf7d82255e8446e52a0b4b635c1bcd90b2e2b3c4503f3d2b72f53f
Score

10^/10

xmrig evasion miner persistence trojan
- UAC bypass
  evasion trojan
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner Payload
  miner
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xmrigevasionminerpersistencetrojan

behavioral2

xmrigevasionminerpersistencetrojan

© 2018-2024

Terms | Privacy