xmrig | 81da89a97b76f03b3d2da7bef83831a8a300038ce4ef552ed983b2168f87dd1c | Triage

Sharing

General

Target

81da89a97b76f03b3d2da7bef83831a8a300038ce4ef552ed983b2168f87dd1c
Size

237KB
Sample

220924-2a95fsccc6
MD5

5f74bb48f42d5cc07260e7e96d5652fa
SHA1

764bd78f2af4a51fb5a5c0ffd0ae1ba96a56cfcf
SHA256

81da89a97b76f03b3d2da7bef83831a8a300038ce4ef552ed983b2168f87dd1c
SHA512

42a7925f5d2cbacfcc68ba96fb19e413fbdbc5c9afecd75d44bbda0e8c65467d2ee57d07a4e2f0eae0ab1ae17d95fe453d4ea0aa6198cffed1750e282ab7f0be
SSDEEP

3072:1I0y4Ui91ASc+3ctwIMyPFIJjudUMqhLcziXy7SWdQEn/KvL0JabR5PXStNc:1FqQNc+5TthAv7WzvL0J27PXStNc

Score

10^/10

xmrig miner

Malware Config

Targets

- Target
  
  81da89a97b76f03b3d2da7bef83831a8a300038ce4ef552ed983b2168f87dd1c
- Size
  
  237KB
- MD5
  
  5f74bb48f42d5cc07260e7e96d5652fa
- SHA1
  
  764bd78f2af4a51fb5a5c0ffd0ae1ba96a56cfcf
- SHA256
  
  81da89a97b76f03b3d2da7bef83831a8a300038ce4ef552ed983b2168f87dd1c
- SHA512
  
  42a7925f5d2cbacfcc68ba96fb19e413fbdbc5c9afecd75d44bbda0e8c65467d2ee57d07a4e2f0eae0ab1ae17d95fe453d4ea0aa6198cffed1750e282ab7f0be
- SSDEEP
  
  3072:1I0y4Ui91ASc+3ctwIMyPFIJjudUMqhLcziXy7SWdQEn/KvL0JabR5PXStNc:1FqQNc+5TthAv7WzvL0J27PXStNc
Score

10^/10

xmrig miner
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

behavioral2