Overview

overview

10

Static

static

winprofile

windows7_x64

8

winprofile

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    26ef46e737087bf94204211d072b38b074d857389153b0dce16305efb05e3725

  • Size

    63KB

  • Sample

    220522-158z7seden

  • MD5

    d7cf93cdc74ec7ee635a0ab5ad0dd573

  • SHA1

    88eb48930852beeec6d810967506ad4462329253

  • SHA256

    26ef46e737087bf94204211d072b38b074d857389153b0dce16305efb05e3725

  • SHA512

    f158983b8cce0849c4947db54ce08519cb1aae1c8d00ac56c9b24bf988aceddd5842a2fbb34ae02c29d908b33e537fd7faeaeca6bc96d6710524d581f2bf9966

Score
10/10
xmrigminerpersistence

Malware Config

Targets

    • Target

      26ef46e737087bf94204211d072b38b074d857389153b0dce16305efb05e3725

    • Size

      63KB

    • MD5

      d7cf93cdc74ec7ee635a0ab5ad0dd573

    • SHA1

      88eb48930852beeec6d810967506ad4462329253

    • SHA256

      26ef46e737087bf94204211d072b38b074d857389153b0dce16305efb05e3725

    • SHA512

      f158983b8cce0849c4947db54ce08519cb1aae1c8d00ac56c9b24bf988aceddd5842a2fbb34ae02c29d908b33e537fd7faeaeca6bc96d6710524d581f2bf9966

    Score
    10/10
    persistencexmrigminer

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner Payload

      miner

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Registry Run Keys / Startup Folder

1
T1060

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Modify Registry

2
T1112

Install Root Certificate

1
T1130

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks