xmrig | a93ca655369139ae62ade78986971e87d9466400a31c5e4afc0376d960c7d7dd | Triage

Submit
Reports

Overview

overview

Static

static

3e4e0407d8...54.dll

windows7-x64

3e4e0407d8...54.dll

windows10-2004-x64

Sharing

General

Target

3e4e0407d84ab7439ae29b79d70aac54.dll
Size

2.7MB
Sample

220911-hh2y9sbbb9
MD5

3e4e0407d84ab7439ae29b79d70aac54
SHA1

dffe8b6a7be96da2212f5fe0c043a3e29db37ef9
SHA256

a93ca655369139ae62ade78986971e87d9466400a31c5e4afc0376d960c7d7dd
SHA512

bc848a7be05991d627a356dd402b6a77f4188dbd6f2d1d1babb926f0a0b2cb9bbf9b2ce60763450c7fc51114338bdd642a24e8fadddfa554694ee9252833b5b5
SSDEEP

49152:Jzl1rpbUrqvv0v2rQVt8nqwI7lOOYcx2ek:P1Kqvv07noI7lOOYcD

Score

10^/10

xmrig evasion miner spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

3e4e0407d84ab7439ae29b79d70aac54.dll

Resource

win7-20220901-en

xmrig evasion miner spyware stealer upx

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

3e4e0407d84ab7439ae29b79d70aac54.dll

Resource

win10v2004-20220812-en

xmrig evasion miner spyware stealer upx

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  3e4e0407d84ab7439ae29b79d70aac54.dll
- Size
  
  2.7MB
- MD5
  
  3e4e0407d84ab7439ae29b79d70aac54
- SHA1
  
  dffe8b6a7be96da2212f5fe0c043a3e29db37ef9
- SHA256
  
  a93ca655369139ae62ade78986971e87d9466400a31c5e4afc0376d960c7d7dd
- SHA512
  
  bc848a7be05991d627a356dd402b6a77f4188dbd6f2d1d1babb926f0a0b2cb9bbf9b2ce60763450c7fc51114338bdd642a24e8fadddfa554694ee9252833b5b5
- SSDEEP
  
  49152:Jzl1rpbUrqvv0v2rQVt8nqwI7lOOYcx2ek:P1Kqvv07noI7lOOYcD
Score

10^/10

xmrig evasion miner spyware stealer upx
- Modifies security service
  evasion
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Stops running service(s)
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Impair Defenses

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

xmrigevasionminerspywarestealerupx

behavioral2

xmrigevasionminerspywarestealerupx

© 2018-2024

Terms | Privacy