Overview

overview

10

Static

static

winprofile

windows7_x64

1

winprofile

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    21e31d2b0ba52d5a4721c6fbd668ba15c38a10944b655d91f88802e78633de39

  • Size

    72KB

  • Sample

    220523-17dl3sheh3

  • MD5

    4c11d8924a9ba7552402d01a6d414244

  • SHA1

    ae61014078646a9b07d8fcb84e5a7f98d8ff3b60

  • SHA256

    21e31d2b0ba52d5a4721c6fbd668ba15c38a10944b655d91f88802e78633de39

  • SHA512

    04e202f49b2e0f7372e586edf234416068a7002309ceae515a595c78fade3ac356b7b5181ead0e97c1f5ed832622da04c0da178246e639a37a0808eaa7eeb499

Score
10/10
xmrigminerpersistence

Malware Config

Targets

    • Target

      21e31d2b0ba52d5a4721c6fbd668ba15c38a10944b655d91f88802e78633de39

    • Size

      72KB

    • MD5

      4c11d8924a9ba7552402d01a6d414244

    • SHA1

      ae61014078646a9b07d8fcb84e5a7f98d8ff3b60

    • SHA256

      21e31d2b0ba52d5a4721c6fbd668ba15c38a10944b655d91f88802e78633de39

    • SHA512

      04e202f49b2e0f7372e586edf234416068a7002309ceae515a595c78fade3ac356b7b5181ead0e97c1f5ed832622da04c0da178246e639a37a0808eaa7eeb499

    Score
    10/10
    xmrigminerpersistence

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner Payload

      miner

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Registry Run Keys / Startup Folder

1
T1060

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks