xmrig | 0141ea4548c515c69c3d61c1463235730c18543654c568512dcedd81d26eeac8 | Triage

Submit
Reports

Overview

overview

Static

static

7a90312b84...c0.exe

windows7-x64

8

7a90312b84...c0.exe

windows10-2004-x64

Sharing

General

Target

7a90312b845d684d8f0a2ae95cfc5f616d00dd25cbcb172335a36dd90c3340c0
Size

600KB
Sample

221129-yaz3pscg7y
MD5

d59d4957cbed239f9f454a958532f0fb
SHA1

20a4c13477daf6d8338b2dd6cd3f15258029974b
SHA256

0141ea4548c515c69c3d61c1463235730c18543654c568512dcedd81d26eeac8
SHA512

4c3da44793007b0683fbf7cd683c4142e40c9c6a8c9de8868197e89cf3dd69129d47fd3368c809024348e5e321bbe0242a7155e6bd2d58deeb79fdbd38ba8152
SSDEEP

12288:mCntmdCr4tMhP5aYJKHVncNbCQB6X/+hiYDq6w:Dt90tMhFJKNUE+E7

Score

10^/10

xmrig miner

Static task

static1

Behavioral task

behavioral1

Sample

7a90312b845d684d8f0a2ae95cfc5f616d00dd25cbcb172335a36dd90c3340c0.exe

Resource

win7-20221111-en

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

7a90312b845d684d8f0a2ae95cfc5f616d00dd25cbcb172335a36dd90c3340c0.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  7a90312b845d684d8f0a2ae95cfc5f616d00dd25cbcb172335a36dd90c3340c0
- Size
  
  648KB
- MD5
  
  4f17d8dcc61d0dea7dd6c4cd0162b246
- SHA1
  
  d3a2505f416a32ed98e71117db7188cf1a464c5d
- SHA256
  
  7a90312b845d684d8f0a2ae95cfc5f616d00dd25cbcb172335a36dd90c3340c0
- SHA512
  
  c4364d742f83dde0aec4a6120f5521bfff3df7e522eb43a3c9bcca6f3fbf3fdd000edb6aeceb2e4c84bebea46a6a3b110f538a982ce41919fb9f8da88ece98b2
- SSDEEP
  
  12288:cm+6CtnUrur4tohP1aYZKHbncTnCQB6X/MJiY:x+rpX0tohhZKb+YM
Score

10^/10

xmrig miner
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy