xmrig | 4b61679662313916b18999fbe63ea2d0163d2b3e6aad16e09aea27cbb97dac9e | Triage

Submit
Reports

Overview

overview

Static

static

8

4b61679662...9e.exe

windows7_x64

8

4b61679662...9e.exe

windows10-2004_x64

Sharing

General

Target

4b61679662313916b18999fbe63ea2d0163d2b3e6aad16e09aea27cbb97dac9e
Size

2.1MB
Sample

220520-w9evpscbc9
MD5

087d6c8306538655e99a7cbc734152e6
SHA1

3f4499b01e23549ce5c2992ffaf098de9ed4cbc6
SHA256

4b61679662313916b18999fbe63ea2d0163d2b3e6aad16e09aea27cbb97dac9e
SHA512

60b8822d1cff7fb8b82484a50fb195148d9f0d11c5d5d14a9f01c5622a324ec433828087c32416037b0567d68527364d6795bb302575d6b5e739e027ea400b40

Score

10^/10

xmrig evasion miner upx

Static task

static1

Behavioral task

behavioral1

Sample

4b61679662313916b18999fbe63ea2d0163d2b3e6aad16e09aea27cbb97dac9e.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

4b61679662313916b18999fbe63ea2d0163d2b3e6aad16e09aea27cbb97dac9e.exe

Resource

win10v2004-20220414-en

xmrig evasion miner upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  4b61679662313916b18999fbe63ea2d0163d2b3e6aad16e09aea27cbb97dac9e
- Size
  
  2.1MB
- MD5
  
  087d6c8306538655e99a7cbc734152e6
- SHA1
  
  3f4499b01e23549ce5c2992ffaf098de9ed4cbc6
- SHA256
  
  4b61679662313916b18999fbe63ea2d0163d2b3e6aad16e09aea27cbb97dac9e
- SHA512
  
  60b8822d1cff7fb8b82484a50fb195148d9f0d11c5d5d14a9f01c5622a324ec433828087c32416037b0567d68527364d6795bb302575d6b5e739e027ea400b40
Score

10^/10

evasion upx xmrig miner
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- Detected Stratum cryptominer command
  Looks to be attempting to contact Stratum mining pool.
  miner
- XMRig Miner Payload
  miner
- Executes dropped EXE
- Stops running service(s)
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Impair Defenses

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Tasks

static1

behavioral1

behavioral2

xmrigevasionminerupx

© 2018-2024

Terms | Privacy