xmrig

Sharing

Copy URL

Twitter E-mail

General

Target

Death-RATV0.10.zip
Size

6.5MB
Sample

220923-jyg5gadeg4
MD5

f147f2947f448334da6dd4aff82bc88a
SHA1

9bbc9045f9eff371b69f5ea8169657033b233af4
SHA256

1ff8724c1db86bf071347bf5e4807f5151bf3dbae9e69c415b1dd70197c44c0f
SHA512

d245c79b21458fcd5b3b973de647491529659a9a5b1c9f330c5e1248ff8cbbc6418ba8c4e45cec9bebbe2968147c2d304031db1fd6ee0fcc183b2bbdff888c2d
SSDEEP

196608:8A8tdfgcXbhJTBibXxvDjy9/qIlFdKY3iKZcRF:8AmJfiXZDjyl/lz3JZUF

Score

10^/10

Malware Config

Targets

- Target
  
  Death-RATV0.10/About.txt
- Size
  
  22B
- MD5
  
  e672a92765c760b4819bfdfbedf93cb1
- SHA1
  
  3d98087d6cb661eaab38e0cc9295015c5b298c62
- SHA256
  
  c0ca3da81570c05ea581a22654d23075bd27b942ce2836760b8f8222968c66fe
- SHA512
  
  d08ee1da66e46e7f7f443e60e4154611ebb2d58a5094fe54d775a28f8f3384b26629386fe79fc45907064ea33c7f2aa1d2a5d8b3785cc97dd2c5740931d516bc
Score

1^/10
behavioral1
- Target
  
  Death-RATV0.10/DR.Users/ADMIN-PC_admin_40B3D795/PASS.txt
- Size
  
  50B
- MD5
  
  f312ab011cca3110a9e5a8eeabec5e2d
- SHA1
  
  da6344f75b4f3cd72d4b84156ceba8f8ecb50361
- SHA256
  
  18d41fe9be26b872067773ba4dc52d2bbed0d5df9723751620a0d60936050769
- SHA512
  
  ebfed57d1e96e010d0226b657fdba0a28cb97f61840a7d851ce380632ea08bb6df65a562878f7e985b9ddd43e1ae9aa847fe9ebf381c28ab9eba3faac61edbb5
Score

1^/10
behavioral2
- Target
  
  Death-RATV0.10/DR.Users/ADMIN-PC_admin_78DF34F3/PASS.txt
- Size
  
  49B
- MD5
  
  730ac54258edc89ac0626b7197cd1a9b
- SHA1
  
  bbfec262889ba2042890a94afcf6704f6d7f936d
- SHA256
  
  5b2eba1ce62e9c76246cd565d8b4ed1db2b88ce28fe3cb4141b7fff209aea889
- SHA512
  
  b1a63d6e900fa727383bc0a37f5161c25445a2769833489a375eedb2b24ec28eaca986a92ea8b6d9c90988e806cebc6de7224ddb531805e9331330eb5d619cc3
Score

1^/10
behavioral3
- Target
  
  Death-RATV0.10/Death-RATx.exe
- Size
  
  4.9MB
- MD5
  
  0de35b9d3c34348e2ca0d9453f6c37e7
- SHA1
  
  fe28baaa18e703db7c007573ae3571b6326d36fa
- SHA256
  
  11a02d807f9e94fa6686cad39e12af11658e02193be8cdd64cb9068fc8047893
- SHA512
  
  b0921866abccd0f81c2b0de4182127e4ec95d74b4d555bce4b900d057130cc28e72c1fe30b0c187bdc437166c79cf0b4dc02b84b08e6a39c1f5c1cb4d532d05f
- SSDEEP
  
  98304:+JnZwQ2/VAQRxdsPKJ/lRM/oO3FX5Tz1m2HK1cmJqoI:+JWQ2/GQDd3JjPOVXRzPHGcJL
Score

10^/10

xmrig evasion miner
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral4
- Target
  
  Death-RATV0.10/HVMRuntm.dll
- Size
  
  1.9MB
- MD5
  
  2f0f1d57597f81ec3aafd1229f6caaab
- SHA1
  
  bae07077e5c8f7b697629262a23628df1af4ed4e
- SHA256
  
  a4a863dac7b98001019e457d3e537c6721cdf5c550e4cb97b60d8211592bbde6
- SHA512
  
  9dfa1b701f6009aea07014637201cf17b9d973689e36d3d8ed79bd5f18fd728300f7a7912abd03fb7e5cb5b4f0608f07af48d4edbd2ae2405655b4c6805a9b5c
- SSDEEP
  
  49152:iEvoralF+gNnBGmE44WeIdML+WbK3mW805d83B/pd:q6+gNB844oOLfK3n8AAl
Score

1^/10
behavioral5
- Target
  
  Death-RATV0.10/Mono.Cecil.dll
- Size
  
  305KB
- MD5
  
  851ec9d84343fbd089520d420348a902
- SHA1
  
  f8e2a80130058e4db3cf569cf4297d07d05c93e0
- SHA256
  
  cdadc26c09f869e21053ee1a0acf3b2d11df8edd599fe9c377bd4d3ce1c9cda9
- SHA512
  
  5e1d1b953fda4a905749eff8c4133a164748ba08c4854348539d335cf53c873eae7c653807a2701bf307693a049ae6c523bd1497a8e659bdea0a71085a58a5f1
- SSDEEP
  
  6144:ueMQM/aMOZabe3h1PtRjAqmYVNf3yTXcYBbt6KMBhu:uF/aMDb8BtRjA7XcYNclB
Score

1^/10
behavioral6
- Target
  
  Death-RATV0.10/SPY-DR/PW.dll
- Size
  
  39KB
- MD5
  
  db87daf76c15f3808cec149f639aa64f
- SHA1
  
  d67f84a44ddc25432ce179aeba9cff778af746ee
- SHA256
  
  a3e4bee1b6944aa9266bd58de3f534a4c1896df621881a5252a0d355a6e67c70
- SHA512
  
  ad7dc75254180ff7c988b7f394ad76b696384002457d558469d2c6401dd97cba54c532245bb555ab28d2beda3ab504736bb2b89040a21ba6598929392daab473
- SSDEEP
  
  768:fqcFOkBO3jzamnEjt0Wp8em0nktiwRnKSg42+:fvg3jumny0Wp8em08NBgG
Score

1^/10
behavioral7
- Target
  
  Death-RATV0.10/SPY-DR/SPY_DR1.dll
- Size
  
  62KB
- MD5
  
  aa4360ab817f3e6d0c7a00f9d9bb3104
- SHA1
  
  453afc8d21e20407115074619c422e7984bfa13f
- SHA256
  
  bcf3dff912801478e444c99ff9a6e9b6e26d0a97b5d234b3d5fbf2c935042d07
- SHA512
  
  4c1f784289cbe74daee46c71f90646ba2b2dc7b9f23ceb9090cd9e15d34b952dd449663db9dfe069da32e1b0bbddd0d5808ccaa9b62bfb7d26ac6fc704bae97d
- SSDEEP
  
  1536:Dw7rHVnxI1p/lJ9iPvcKUepz5B7hcyzzR:MZxYdZepz5Blcyzz
Score

1^/10
behavioral8
- Target
  
  Death-RATV0.10/SPY-DR/SPY_DR2.dll
- Size
  
  13KB
- MD5
  
  c1742923e413d023324f14c499d3c409
- SHA1
  
  5213fe76b24993b4feb529c2e90534d3ae5b0568
- SHA256
  
  7bc15c41a6bc85074df034a45c8be09552717f1efa7eda35ce67ad114cc1e1fc
- SHA512
  
  02131280bb68e7d48b90bd2809ff4fd701f7ccc029dfc2af6b5ea0e3ca83ac7d9c4f38b63dfb1a31fec9f97592adf04d3a95058ed51114e9ee5e71968df8d6cc
- SSDEEP
  
  192:A1pbrkyFIcTqm3UB+7Mlj9F5v7ox/lVm8+NznfNXNlFsgly:A1JrkAIcmmkAKj5zox/rm8+dfNXNf
Score

1^/10
behavioral9
- Target
  
  Death-RATV0.10/SPY-DR/SPY_DR3.dll
- Size
  
  13KB
- MD5
  
  8f901616b83fa9d266d41bf04fc280c0
- SHA1
  
  4f20223a8f578c9884bbd38885845d7343035be9
- SHA256
  
  fbb75cad6a497679e03276233b23dfdc3ac2161279baddb12a4a6d13497ef52f
- SHA512
  
  3d79cd2d58007a39440402a58e8e29e0ac5f029c8358941f763b6183fff8ac789de4e7d6c32e592724dc95392055873979981224b36e57c84b3165fac191c5ed
- SSDEEP
  
  192:Bq8i8/5BufSlCMxgj4hQy90nfHWmlVks0l:Bf/3ASl6RC0fHWmlVksc
Score

1^/10
behavioral10
- Target
  
  Death-RATV0.10/SPY-DR/SPY_DR4.dll
- Size
  
  8KB
- MD5
  
  e0b8a693ff200d5eb5e29616da8ef3f4
- SHA1
  
  71981dacdf2baa5f5a9cc658f460f66b192a9863
- SHA256
  
  25f914cf1e661a4b18f99ed7c551f225eeb26ec883b61eb4d1c035529e23c669
- SHA512
  
  5d10fe68a34384a9ad42f48e64b8b54a6c2810496609f3ed55edeb9c5b6cbffa484d8434f1f1aebbc470724940100a64f6865513ab1042be56473123d554ea8e
- SSDEEP
  
  96:S4uvFfI8WEGDLJJ0lDoaztgtpYmnoqD6APVZYWQvIO3Bi5pNnU8ZS4A3Fc45K93:S3FnWE6VqfJ8CNqD6APbIIyixnYVjK9
Score

1^/10
behavioral11
- Target
  
  Death-RATV0.10/SPY-DR/SPY_DR5.dll
- Size
  
  50KB
- MD5
  
  d4c5ddc00f27162fc0947830e0e762b7
- SHA1
  
  7769be616d752e95d80e167f2ef4cc6b8c3c21fe
- SHA256
  
  b6fb6b66821e70a27a4750b0cd0393e4ee2603a47feac48d6a3d66d1c1cb56d5
- SHA512
  
  9555f800213f2f4a857b4558aa4d030edf41485b8366812d5a6b9adcc77fc21584e30d2dd9ce515846f3a809c85038958cb8174bf362cf6fed97ca99a826e379
- SSDEEP
  
  1536:YmXfC5RemUFTxqPbSiQZrCF1HzGL17d8:YmXfCgFTxq+iQZrGTGL17d8
Score

1^/10
behavioral12
- Target
  
  Death-RATV0.10/SPY-DR/SPY_DR6.dll
- Size
  
  10KB
- MD5
  
  f26237afd2039195aa8658a201e9beb2
- SHA1
  
  3877691d3d96d40cc0e42d9b3c6e8c056df529a7
- SHA256
  
  bcc99bf8626492e2937eaf499f8df31b7fe9fd85d4d6961250743eb7b976ba25
- SHA512
  
  0eff4fe50fe19298a33dd43d538bdd4055088850256c43ab57f8d6524bcda4dd9923b2f72e4fda6a61d216b2bf996ababd19bf474aa5369cb2ae2e230ddb8aa2
- SSDEEP
  
  192:N/hbB1rNRFlmnZTA6anEaaPs6v/43nJMqrOdiW:pV/CZaEaaPtv/43JRH
Score

1^/10
behavioral13
- Target
  
  Death-RATV0.10/SPY-DR/SPY_DR7.dll
- Size
  
  39KB
- MD5
  
  db87daf76c15f3808cec149f639aa64f
- SHA1
  
  d67f84a44ddc25432ce179aeba9cff778af746ee
- SHA256
  
  a3e4bee1b6944aa9266bd58de3f534a4c1896df621881a5252a0d355a6e67c70
- SHA512
  
  ad7dc75254180ff7c988b7f394ad76b696384002457d558469d2c6401dd97cba54c532245bb555ab28d2beda3ab504736bb2b89040a21ba6598929392daab473
- SSDEEP
  
  768:fqcFOkBO3jzamnEjt0Wp8em0nktiwRnKSg42+:fvg3jumny0Wp8em08NBgG
Score

1^/10
behavioral14
- Target
  
  Death-RATV0.10/Stub.il
- Size
  
  69KB
- MD5
  
  93c789cec14b01c8a36b541d424e1ca3
- SHA1
  
  81937987af94b2477071c16bf235157742341273
- SHA256
  
  5614d32c48812552b8f5686c9cbad902d2a8b3b24fe8d062467d2f98a9c69b11
- SHA512
  
  7cd51426e7e36a979b2bb0edccf4b1b848c1159cf835a1b50ea7d8586d21bf4828e4ac3855115412d63bd4ab7cd3f4d16ce95aeda7610a73bdf844b151ea604c
- SSDEEP
  
  768:PRZ4xcQTJ4vFmBm2m17XO+V9ZhjV8mR+kyUY/DA8vxwpJzYcHeUZ:ZZQTVsF72E7X/9ZZV8wXyUEwpYU
Score

1^/10
behavioral15
- Target
  
  Death-RATV0.10/WinMM.Net.dll
- Size
  
  43KB
- MD5
  
  d4b80052c7b4093e10ce1f40ce74f707
- SHA1
  
  2494a38f1c0d3a0aa9b31cf0650337cacc655697
- SHA256
  
  59e2ac1b79840274bdfcef412a10058654e42f4285d732d1487e65e60ffbfb46
- SHA512
  
  3813b81f741ae3adb07ae370e817597ed2803680841ccc7549babb727910c7bff4f8450670d0ca19a0d09e06f133a1aaefecf5b5620e1b0bdb6bcd409982c450
- SSDEEP
  
  768:LyasDzF2TDSemqD9tGI+ffwj2Au0LVpqmf7KxcOOrYCPTxqPb85:LyaXKemqD9tGI+ffwj2Au0LVpq4KWrlv
Score

1^/10
behavioral16

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

T1053

Persistence

Modify Existing Service

T1031

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Targets

XMRig Miner payload

Executes dropped EXE

Modifies Windows Firewall

Checks computer location settings

Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16