xmrig | 283c105c2c82782829e0cea2d161a09d024b914ed1a55cbbe52d2fbf54744909 | Triage

Submit
Reports

Overview

overview

Static

static

283c105c2c...09.exe

windows7-x64

283c105c2c...09.exe

windows10-2004-x64

7

Sharing

General

Target

283c105c2c82782829e0cea2d161a09d024b914ed1a55cbbe52d2fbf54744909
Size

17.2MB
Sample

221125-lcj32sbd3s
MD5

9fa1aa9681eba02e7e5dee5619fe5f50
SHA1

63dc379b6f25d5c3be14950b7803f8ef89e6baf4
SHA256

283c105c2c82782829e0cea2d161a09d024b914ed1a55cbbe52d2fbf54744909
SHA512

a185dc56afbf53b5b99dd30bbfb2fbb1ce35a42cdfd776f338d29d15a2a5712f6458e2a6855e64fa07f26fe6d68fcf92cd178a50f08e60fe24f0ba41848cedc7
SSDEEP

196608:kVabKDvhkItVBCfQD+N2xHv2AOrpFRj/QqjZZ42pawiWix1V5dugapRz9GX0eS+B:gvhk0Ykv2AOD9QLcajWinHaXz9G0j

Score

10^/10

xmrig miner persistence

Static task

static1

Behavioral task

behavioral1

Sample

283c105c2c82782829e0cea2d161a09d024b914ed1a55cbbe52d2fbf54744909.exe

Resource

win7-20220812-en

xmrig miner persistence

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

283c105c2c82782829e0cea2d161a09d024b914ed1a55cbbe52d2fbf54744909.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  283c105c2c82782829e0cea2d161a09d024b914ed1a55cbbe52d2fbf54744909
- Size
  
  17.2MB
- MD5
  
  9fa1aa9681eba02e7e5dee5619fe5f50
- SHA1
  
  63dc379b6f25d5c3be14950b7803f8ef89e6baf4
- SHA256
  
  283c105c2c82782829e0cea2d161a09d024b914ed1a55cbbe52d2fbf54744909
- SHA512
  
  a185dc56afbf53b5b99dd30bbfb2fbb1ce35a42cdfd776f338d29d15a2a5712f6458e2a6855e64fa07f26fe6d68fcf92cd178a50f08e60fe24f0ba41848cedc7
- SSDEEP
  
  196608:kVabKDvhkItVBCfQD+N2xHv2AOrpFRj/QqjZZ42pawiWix1V5dugapRz9GX0eS+B:gvhk0Ykv2AOD9QLcajWinHaXz9G0j
Score

10^/10

xmrig miner persistence
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xmrigminerpersistence

behavioral2

© 2018-2024

Terms | Privacy