xmrig | 6ae42a8fd4ff87ee3eb1a967cb65802247ace9dd5c724018e77e2d2862549a64 | Triage

Submit
Reports

Overview

overview

Static

static

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

General

Target

6ae42a8fd4ff87ee3eb1a967cb65802247ace9dd5c724018e77e2d2862549a64
Size

4.3MB
Sample

220817-ele25adcb8
MD5

df2e6a3e2de83755886ed20d2e853aa5
SHA1

04e829bad544f581a178c263e2b4a91069533091
SHA256

6ae42a8fd4ff87ee3eb1a967cb65802247ace9dd5c724018e77e2d2862549a64
SHA512

4d6319dcb90b8a99708b87a9ed3c2187c8c1f206611917267f4b2098a9e4ccbbaea99f9549b206fca5dc44608757fc32b8a18049e3cfa80dc4198e35c4ad1078
SSDEEP

98304:DeJchMdICWnnoDLAbUsJxDiM+VO28P08syKTWQMU:qimI3ofwLJEZO28836QN

Score

10^/10

xmrig discovery evasion exploit miner

Static task

static1

Behavioral task

behavioral1

Sample

6ae42a8fd4ff87ee3eb1a967cb65802247ace9dd5c724018e77e2d2862549a64.exe

Resource

win7-20220812-en

xmrig discovery evasion exploit miner

windows7-x64

20 signatures

300 seconds

Behavioral task

behavioral2

Sample

6ae42a8fd4ff87ee3eb1a967cb65802247ace9dd5c724018e77e2d2862549a64.exe

Resource

win10-20220812-en

xmrig discovery evasion exploit miner

windows10-1703-x64

16 signatures

300 seconds

Malware Config

Targets

- Target
  
  6ae42a8fd4ff87ee3eb1a967cb65802247ace9dd5c724018e77e2d2862549a64
- Size
  
  4.3MB
- MD5
  
  df2e6a3e2de83755886ed20d2e853aa5
- SHA1
  
  04e829bad544f581a178c263e2b4a91069533091
- SHA256
  
  6ae42a8fd4ff87ee3eb1a967cb65802247ace9dd5c724018e77e2d2862549a64
- SHA512
  
  4d6319dcb90b8a99708b87a9ed3c2187c8c1f206611917267f4b2098a9e4ccbbaea99f9549b206fca5dc44608757fc32b8a18049e3cfa80dc4198e35c4ad1078
- SSDEEP
  
  98304:DeJchMdICWnnoDLAbUsJxDiM+VO28P08syKTWQMU:qimI3ofwLJEZO28836QN
Score

10^/10

xmrig discovery evasion exploit miner
- Modifies security service
  evasion
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Drops file in Drivers directory
- Executes dropped EXE
- Possible privilege escalation attempt
  exploit
- Stops running service(s)
  evasion
- Deletes itself
- Loads dropped DLL
- Modifies file permissions
  discovery
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Impair Defenses

File Permissions Modification

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Tasks

static1

behavioral1

xmrigdiscoveryevasionexploitminer

behavioral2

xmrigdiscoveryevasionexploitminer

© 2018-2024

Terms | Privacy