xmrig | 2bbf2e073912caf5e14068311b9fdd384e2e3ba18926e6e970be32968f3f044d | Triage

Submit
Reports

Overview

overview

Static

static

InstagramA...or.exe

windows7-x64

InstagramA...or.exe

windows10-2004-x64

Sharing

General

Target

InstagramAccountCreator.exe
Size

50.2MB
Sample

221206-sxkzeadf21
MD5

26f0227e22e82d1bb4b670a57a33f2e4
SHA1

c6ce6febe356e5fcb0edfaf78f1d7f47d73c670e
SHA256

2bbf2e073912caf5e14068311b9fdd384e2e3ba18926e6e970be32968f3f044d
SHA512

b66b1da5cc53307179d6102b053a78103cbadfa949cbdcd8a18dd4507b7422a673eb8e5af4c70ece1e1223005b21f2bbac4d561f66db69193ca28d6a29530401
SSDEEP

786432:nagctlsdx7hxfhCvQhR0+YkqgQkvs2nI+W1/FYtKUi5rum7Xu8+iG9sixXHcf:aJtlsdx7h3Ws0GNI+JKUi5KHxiKsmHc

Score

10^/10

xmrig discovery evasion exploit miner

Static task

static1

Behavioral task

behavioral1

Sample

InstagramAccountCreator.exe

Resource

win7-20220812-en

discovery evasion exploit

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

InstagramAccountCreator.exe

Resource

win10v2004-20220901-en

xmrig discovery evasion exploit miner

windows10-2004-x64

23 signatures

150 seconds

Malware Config

Targets

- Target
  
  InstagramAccountCreator.exe
- Size
  
  50.2MB
- MD5
  
  26f0227e22e82d1bb4b670a57a33f2e4
- SHA1
  
  c6ce6febe356e5fcb0edfaf78f1d7f47d73c670e
- SHA256
  
  2bbf2e073912caf5e14068311b9fdd384e2e3ba18926e6e970be32968f3f044d
- SHA512
  
  b66b1da5cc53307179d6102b053a78103cbadfa949cbdcd8a18dd4507b7422a673eb8e5af4c70ece1e1223005b21f2bbac4d561f66db69193ca28d6a29530401
- SSDEEP
  
  786432:nagctlsdx7hxfhCvQhR0+YkqgQkvs2nI+W1/FYtKUi5rum7Xu8+iG9sixXHcf:aJtlsdx7h3Ws0GNI+JKUi5KHxiKsmHc
Score

10^/10

discovery evasion exploit xmrig miner
- Modifies security service
  evasion
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Executes dropped EXE
- Possible privilege escalation attempt
  exploit
- Stops running service(s)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Modifies file permissions
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

File and Directory Permissions Modification

Impair Defenses

Install Root Certificate

Modify Registry

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

discoveryevasionexploit

behavioral2

xmrigdiscoveryevasionexploitminer

© 2018-2024

Terms | Privacy