xmrig | fc33ed2f28a10b4b3cb775f7e699295f604d28bf3bf2cb2bc9185d002f89f91c | Triage

Submit
Reports

Overview

overview

Static

static

mamamiya13...in.dll

windows7-x64

mamamiya13...in.dll

windows10-2004-x64

Sharing

General

Target

mamamiya137_ru_.bin.dll
Size

2.7MB
Sample

220908-3xahsagbe4
MD5

36c48ba4f231388a5f08fae2df0cec58
SHA1

3ba1d0aac10a41519610cf9166ab39b4c092d431
SHA256

fc33ed2f28a10b4b3cb775f7e699295f604d28bf3bf2cb2bc9185d002f89f91c
SHA512

4aa0e73f4eebfeb6cdeaf7cb0d050355185d3b8d91c044a911f895ec614ff0cb8b6d8e89ce3ea73052a4b55444ef1c7f72eaeabf2946a6bee8383ad03d93d4ee
SSDEEP

49152:Jzl1rpbUrqvv0v2rQVt8nqwI7lOOYc92ek:P1Kqvv07noI7lOOYcX

Score

10^/10

xmrig evasion miner spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

mamamiya137_ru_.bin.dll

Resource

win7-20220812-en

xmrig evasion miner spyware stealer upx

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

mamamiya137_ru_.bin.dll

Resource

win10v2004-20220812-en

xmrig evasion miner spyware stealer upx

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  mamamiya137_ru_.bin.dll
- Size
  
  2.7MB
- MD5
  
  36c48ba4f231388a5f08fae2df0cec58
- SHA1
  
  3ba1d0aac10a41519610cf9166ab39b4c092d431
- SHA256
  
  fc33ed2f28a10b4b3cb775f7e699295f604d28bf3bf2cb2bc9185d002f89f91c
- SHA512
  
  4aa0e73f4eebfeb6cdeaf7cb0d050355185d3b8d91c044a911f895ec614ff0cb8b6d8e89ce3ea73052a4b55444ef1c7f72eaeabf2946a6bee8383ad03d93d4ee
- SSDEEP
  
  49152:Jzl1rpbUrqvv0v2rQVt8nqwI7lOOYc92ek:P1Kqvv07noI7lOOYcX
Score

10^/10

xmrig evasion miner spyware stealer upx
- Modifies security service
  evasion
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Stops running service(s)
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Impair Defenses

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

xmrigevasionminerspywarestealerupx

behavioral2

xmrigevasionminerspywarestealerupx

© 2018-2025

Terms | Privacy