xmrig | 3d3841460e41c5c4bb24abfbacae5d8d0cbfd2c5fe0f15466cea6c3958724a57 | Triage

Submit
Reports

Overview

overview

Static

static

3d3841460e...57.exe

windows7_x64

3d3841460e...57.exe

windows10-2004_x64

Sharing

General

Target

3d3841460e41c5c4bb24abfbacae5d8d0cbfd2c5fe0f15466cea6c3958724a57
Size

1.1MB
Sample

220703-eergksgaf8
MD5

491849a7cdb5ccc2f8470666d0efde02
SHA1

5912fc8700db9eb7988cce74336ea567205b68e6
SHA256

3d3841460e41c5c4bb24abfbacae5d8d0cbfd2c5fe0f15466cea6c3958724a57
SHA512

c0f68923936eb4380fcc099198821c34059455dd8555ea10bfc300324c126f276c1b3b90ef671daf4d63340a75140ecfb77c84ca9b7b6e9c37ff97087e120e9d

Score

10^/10

xmrig aspackv2 miner

Static task

static1

Behavioral task

behavioral1

Sample

3d3841460e41c5c4bb24abfbacae5d8d0cbfd2c5fe0f15466cea6c3958724a57.exe

Resource

win7-20220414-en

xmrig aspackv2 miner

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

3d3841460e41c5c4bb24abfbacae5d8d0cbfd2c5fe0f15466cea6c3958724a57.exe

Resource

win10v2004-20220414-en

xmrig aspackv2 miner

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  3d3841460e41c5c4bb24abfbacae5d8d0cbfd2c5fe0f15466cea6c3958724a57
- Size
  
  1.1MB
- MD5
  
  491849a7cdb5ccc2f8470666d0efde02
- SHA1
  
  5912fc8700db9eb7988cce74336ea567205b68e6
- SHA256
  
  3d3841460e41c5c4bb24abfbacae5d8d0cbfd2c5fe0f15466cea6c3958724a57
- SHA512
  
  c0f68923936eb4380fcc099198821c34059455dd8555ea10bfc300324c126f276c1b3b90ef671daf4d63340a75140ecfb77c84ca9b7b6e9c37ff97087e120e9d
Score

10^/10

xmrig aspackv2 miner
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- Detected Stratum cryptominer command
  Looks to be attempting to contact Stratum mining pool.
  miner
- XMRig Miner Payload
  miner
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xmrigaspackv2miner

behavioral2

xmrigaspackv2miner

© 2018-2024

Terms | Privacy