xmrig | e244f4b3b1614865dcd266ca2e057a1d7aa2a09c87bc1feb823fb1ac858f4fa2 | Triage

Submit
Reports

Overview

overview

Static

static

e6001aac5a...6f.exe

windows7-x64

e6001aac5a...6f.exe

windows10-2004-x64

Sharing

General

Target

e6001aac5a3ee379149fd36bb6fb0d6f.exe
Size

9.4MB
Sample

221102-nm94bsbeb3
MD5

e6001aac5a3ee379149fd36bb6fb0d6f
SHA1

071044b203de973c31e2504411cfa445b95402cf
SHA256

e244f4b3b1614865dcd266ca2e057a1d7aa2a09c87bc1feb823fb1ac858f4fa2
SHA512

f0f43f07b75aa5c705078e804a03ab786566bf4684211cfb88fd407c344b89dbdbac150768ed8a4a66c5e3d9f414572b7892cb0211ecfc7806fd31e376716d59
SSDEEP

196608:lKhSUcGJi2WNOVCjJ81tMeO3PNa/fm9BPq+lIx2YBWO:KYWi2WqCjJMmc/b+lNk

Score

10^/10

xmrig evasion miner upx

Static task

static1

Behavioral task

behavioral1

Sample

e6001aac5a3ee379149fd36bb6fb0d6f.exe

Resource

win7-20220812-en

xmrig evasion miner upx

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

e6001aac5a3ee379149fd36bb6fb0d6f.exe

Resource

win10v2004-20220812-en

xmrig evasion miner upx

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  e6001aac5a3ee379149fd36bb6fb0d6f.exe
- Size
  
  9.4MB
- MD5
  
  e6001aac5a3ee379149fd36bb6fb0d6f
- SHA1
  
  071044b203de973c31e2504411cfa445b95402cf
- SHA256
  
  e244f4b3b1614865dcd266ca2e057a1d7aa2a09c87bc1feb823fb1ac858f4fa2
- SHA512
  
  f0f43f07b75aa5c705078e804a03ab786566bf4684211cfb88fd407c344b89dbdbac150768ed8a4a66c5e3d9f414572b7892cb0211ecfc7806fd31e376716d59
- SSDEEP
  
  196608:lKhSUcGJi2WNOVCjJ81tMeO3PNa/fm9BPq+lIx2YBWO:KYWi2WqCjJMmc/b+lNk
Score

10^/10

xmrig evasion miner upx
- Modifies security service
  evasion
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Executes dropped EXE
- Stops running service(s)
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Deletes itself
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Tasks

static1

behavioral1

xmrigevasionminerupx

behavioral2

xmrigevasionminerupx

© 2018-2024

Terms | Privacy