xmrig | 22b5e969c1621e6065f407f9fb7f71ef21b592982cc75ff402892b399a49e9a7 | Triage

Submit
Reports

Overview

overview

Static

static

22b5e969c1...a7.exe

windows7_x64

22b5e969c1...a7.exe

windows10-2004_x64

Sharing

General

Target

22b5e969c1621e6065f407f9fb7f71ef21b592982cc75ff402892b399a49e9a7
Size

14.8MB
Sample

220516-q7wgsafhcj
MD5

0167d867d0e0c974d66d6ff02cda9c1c
SHA1

1580c09b356286bb4ab5526ec2367c6c5d36ec0a
SHA256

22b5e969c1621e6065f407f9fb7f71ef21b592982cc75ff402892b399a49e9a7
SHA512

e8ef3047e28d7f237f05bde56b543ad67667e1dd83cde7ecdafa303b12dc33dfa95902b1afb4571a7edff699191b92d05ace1d9add54df2520604aa52c10e6be

Score

10^/10

xmrig evasion miner persistence trojan upx

Static task

static1

miner upx xmrig

Behavioral task

behavioral1

Sample

22b5e969c1621e6065f407f9fb7f71ef21b592982cc75ff402892b399a49e9a7.exe

Resource

win7-20220414-en

xmrig evasion miner persistence trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

22b5e969c1621e6065f407f9fb7f71ef21b592982cc75ff402892b399a49e9a7.exe

Resource

win10v2004-20220414-en

xmrig evasion miner persistence trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  22b5e969c1621e6065f407f9fb7f71ef21b592982cc75ff402892b399a49e9a7
- Size
  
  14.8MB
- MD5
  
  0167d867d0e0c974d66d6ff02cda9c1c
- SHA1
  
  1580c09b356286bb4ab5526ec2367c6c5d36ec0a
- SHA256
  
  22b5e969c1621e6065f407f9fb7f71ef21b592982cc75ff402892b399a49e9a7
- SHA512
  
  e8ef3047e28d7f237f05bde56b543ad67667e1dd83cde7ecdafa303b12dc33dfa95902b1afb4571a7edff699191b92d05ace1d9add54df2520604aa52c10e6be
Score

10^/10

xmrig evasion miner persistence trojan
- UAC bypass
  evasion trojan
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner Payload
  miner
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xmrigevasionminerpersistencetrojan

behavioral2

xmrigevasionminerpersistencetrojan

© 2018-2024

Terms | Privacy