xmrig | 2513d65f66c1cc8f0fa370a686c0d300014768077b69845d418b28aa68327cbc | Triage

Submit
Reports

Overview

overview

Static

static

winprofile

windows7-x64

1

winprofile

windows10-1703-x64

Sharing

General

Target

2513d65f66c1cc8f0fa370a686c0d300014768077b69845d418b28aa68327cbc
Size

2.2MB
Sample

221003-17cpsahhdq
MD5

dac9e82594a59d84987c39a8fbda4117
SHA1

2d30c4d2967dcd3c341f1448f48290e21f6b7fa9
SHA256

2513d65f66c1cc8f0fa370a686c0d300014768077b69845d418b28aa68327cbc
SHA512

f91758fd92f59761bc4df88220b8e74bacaa0ab3f5b7f493f62b8674b7e70153a369d20665607e26e095e95656ea61fcc0226509084325c03bf48bfc9d89e0d4
SSDEEP

12288:SoP30jMrUjSA5zctrU52sgR8H67Z3CfSuFAVPW6KI1c8eFL0PV8HNA60JWlmUEvQ:yjMC5AJUIbl+8u0PV8HNjmUEvi

Score

10^/10

xmrig miner upx

Static task

static1

Behavioral task

behavioral1

Sample

2513d65f66c1cc8f0fa370a686c0d300014768077b69845d418b28aa68327cbc.exe

Resource

win7-20220901-en

windows7-x64

0 signatures

300 seconds

Behavioral task

behavioral2

Sample

2513d65f66c1cc8f0fa370a686c0d300014768077b69845d418b28aa68327cbc.exe

Resource

win10-20220812-en

xmrig miner upx

windows10-1703-x64

16 signatures

300 seconds

Malware Config

Targets

- Target
  
  2513d65f66c1cc8f0fa370a686c0d300014768077b69845d418b28aa68327cbc
- Size
  
  2.2MB
- MD5
  
  dac9e82594a59d84987c39a8fbda4117
- SHA1
  
  2d30c4d2967dcd3c341f1448f48290e21f6b7fa9
- SHA256
  
  2513d65f66c1cc8f0fa370a686c0d300014768077b69845d418b28aa68327cbc
- SHA512
  
  f91758fd92f59761bc4df88220b8e74bacaa0ab3f5b7f493f62b8674b7e70153a369d20665607e26e095e95656ea61fcc0226509084325c03bf48bfc9d89e0d4
- SSDEEP
  
  12288:SoP30jMrUjSA5zctrU52sgR8H67Z3CfSuFAVPW6KI1c8eFL0PV8HNA60JWlmUEvQ:yjMC5AJUIbl+8u0PV8HNjmUEvi
Score

10^/10

xmrig miner upx
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- Detectes Phoenix Miner Payload
  miner
- XMRig Miner payload
  miner
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Uses the VBS compiler for execution
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Scripting

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy