xmrig | 025e8edef965f9376d6a0387c3f2952c19e727629920aeea544d963ee89b1594 | Triage

Submit
Reports

Overview

overview

Static

static

8

madk.exe

windows10-1703-x64

madk.exe

windows10-2004-x64

Resubmissions

26-09-2022 23:59

220926-318jzsdcgn 10

21-06-2022 21:54

220621-1skf3sgcg9 10

Sharing

General

Target

madk.exe
Size

3.4MB
Sample

220926-318jzsdcgn
MD5

d00af5991807952929e5b986afd295c9
SHA1

7f5cc8203f2e22bea24bf7f7b2995dc2ef3571ee
SHA256

025e8edef965f9376d6a0387c3f2952c19e727629920aeea544d963ee89b1594
SHA512

c032eec4bbb1a34113ea86606ae3b1c5d94a7f6f7d52d3347341312d4bf3af2dfa730d549b612a37353a21274eae8f10960ad105fc52c4955c33cccf5f0c1cd6
SSDEEP

98304:jKqtESnFRAW/YS7gCPJDEYFu6GyPuzBPrQ:FnFRV/Bt1E8u6yNQ

Score

10^/10

xmrig discovery evasion miner persistence ransomware upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

madk.exe

Resource

win10-20220812-en

xmrig discovery evasion miner persistence upx

windows10-1703-x64

23 signatures

150 seconds

Behavioral task

behavioral2

Sample

madk.exe

Resource

win10v2004-20220812-en

xmrig discovery evasion miner persistence ransomware upx

windows10-2004-x64

27 signatures

150 seconds

Malware Config

Targets

- Target
  
  madk.exe
- Size
  
  3.4MB
- MD5
  
  d00af5991807952929e5b986afd295c9
- SHA1
  
  7f5cc8203f2e22bea24bf7f7b2995dc2ef3571ee
- SHA256
  
  025e8edef965f9376d6a0387c3f2952c19e727629920aeea544d963ee89b1594
- SHA512
  
  c032eec4bbb1a34113ea86606ae3b1c5d94a7f6f7d52d3347341312d4bf3af2dfa730d549b612a37353a21274eae8f10960ad105fc52c4955c33cccf5f0c1cd6
- SSDEEP
  
  98304:jKqtESnFRAW/YS7gCPJDEYFu6GyPuzBPrQ:FnFRV/Bt1E8u6yNQ
Score

10^/10

xmrig discovery evasion miner persistence upx ransomware
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- Clears Windows event logs
  evasion ransomware
- XMRig Miner payload
  miner
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Stops running service(s)
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Modifies file permissions
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Hidden Files and Directories

Modify Existing Service

Privilege Escalation

Defense Evasion

Indicator Removal on Host

Modify Registry

Hidden Files and Directories

Impair Defenses

File Permissions Modification

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Tasks

static1

behavioral1

xmrigdiscoveryevasionminerpersistenceupx

behavioral2

xmrigdiscoveryevasionminerpersistenceransomwareupx

© 2018-2024

Terms | Privacy