xmrig | 776735ffea7808b49399710d75968d191829b6403670257467e340ea83aed89b | Triage

Submit
Reports

Overview

overview

Static

static

776735ffea...9b.exe

windows7-x64

776735ffea...9b.exe

windows10-2004-x64

Sharing

General

Target

776735ffea7808b49399710d75968d191829b6403670257467e340ea83aed89b
Size

802KB
Sample

220930-y6xbpaffep
MD5

dfa611cd9978c8099282d698d8ed4dc7
SHA1

0aa3b51130d24e43ff7b6146c02bc517f78da12d
SHA256

776735ffea7808b49399710d75968d191829b6403670257467e340ea83aed89b
SHA512

93284d4b7d4bdeba22404d2521bb94f446f5838e8bc1cda34dfdb838dadefaab9dc0f32ee9235571c02572dec4f56869f1a11851d3fd3f4fd510fb0c7f1ff30f
SSDEEP

24576:82G/nvxW3WdmsuTwueIzi6c4zjJwBnyW2ZCh5XXAhx:8bA3lsu0ueLgz6QW8Cyx

Score

10^/10

xmrig miner upx

Static task

static1

Behavioral task

behavioral1

Sample

776735ffea7808b49399710d75968d191829b6403670257467e340ea83aed89b.exe

Resource

win7-20220812-en

xmrig miner upx

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

776735ffea7808b49399710d75968d191829b6403670257467e340ea83aed89b.exe

Resource

win10v2004-20220901-en

xmrig miner upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  776735ffea7808b49399710d75968d191829b6403670257467e340ea83aed89b
- Size
  
  802KB
- MD5
  
  dfa611cd9978c8099282d698d8ed4dc7
- SHA1
  
  0aa3b51130d24e43ff7b6146c02bc517f78da12d
- SHA256
  
  776735ffea7808b49399710d75968d191829b6403670257467e340ea83aed89b
- SHA512
  
  93284d4b7d4bdeba22404d2521bb94f446f5838e8bc1cda34dfdb838dadefaab9dc0f32ee9235571c02572dec4f56869f1a11851d3fd3f4fd510fb0c7f1ff30f
- SSDEEP
  
  24576:82G/nvxW3WdmsuTwueIzi6c4zjJwBnyW2ZCh5XXAhx:8bA3lsu0ueLgz6QW8Cyx
Score

10^/10

xmrig miner upx
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- Detectes Phoenix Miner Payload
  miner
- XMRig Miner payload
  miner
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy