xmrig | 2276decf1e3a971157aedf6455c79109c30e9871b17e4cbf5d4305353cc014ef | Triage

Submit
Reports

Overview

overview

Static

static

2276decf1e...ef.exe

windows7-x64

2276decf1e...ef.exe

windows10-2004-x64

Sharing

General

Target

2276decf1e3a971157aedf6455c79109c30e9871b17e4cbf5d4305353cc014ef
Size

2.1MB
Sample

221125-lg25esbf6w
MD5

457115eb0e95e1377f8beaa00b545871
SHA1

9cb01f9d44134355f9f55cf68ef02740e2aee8f0
SHA256

2276decf1e3a971157aedf6455c79109c30e9871b17e4cbf5d4305353cc014ef
SHA512

55328834359be46e42b34afa96c89fc26a52928768bd6ecff0a49f5d823d97e3e3d3b3f53e6de9a18549856517d8ccfc1e9cc363e6360a91fa0ea7aa9a36ce5a
SSDEEP

49152:Uzb5vW78fienXiALMq/09Jbqj0s/YYP6mN:IxhieXt09jaIm

Score

10^/10

xmrig miner persistence

Static task

static1

Behavioral task

behavioral1

Sample

2276decf1e3a971157aedf6455c79109c30e9871b17e4cbf5d4305353cc014ef.exe

Resource

win7-20221111-en

xmrig miner persistence

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

2276decf1e3a971157aedf6455c79109c30e9871b17e4cbf5d4305353cc014ef.exe

Resource

win10v2004-20220901-en

xmrig miner persistence

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  2276decf1e3a971157aedf6455c79109c30e9871b17e4cbf5d4305353cc014ef
- Size
  
  2.1MB
- MD5
  
  457115eb0e95e1377f8beaa00b545871
- SHA1
  
  9cb01f9d44134355f9f55cf68ef02740e2aee8f0
- SHA256
  
  2276decf1e3a971157aedf6455c79109c30e9871b17e4cbf5d4305353cc014ef
- SHA512
  
  55328834359be46e42b34afa96c89fc26a52928768bd6ecff0a49f5d823d97e3e3d3b3f53e6de9a18549856517d8ccfc1e9cc363e6360a91fa0ea7aa9a36ce5a
- SSDEEP
  
  49152:Uzb5vW78fienXiALMq/09Jbqj0s/YYP6mN:IxhieXt09jaIm
Score

10^/10

xmrig miner persistence
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Cryptocurrency Miner
  Makes network request to known mining pool URL.
  miner
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xmrigminerpersistence

behavioral2

xmrigminerpersistence

© 2018-2024

Terms | Privacy