xmrig | 6a1c8fe3f496cb8cae1aa6891b96756470f004f899c2159398ebd0c8b438998b | Triage

Submit
Reports

Overview

overview

Static

static

tmp.exe

windows7-x64

tmp.exe

windows10-2004-x64

Sharing

General

Target

tmp
Size

9.2MB
Sample

221214-1t8v3abc57
MD5

53540062e2853766764ac60dbaa4baab
SHA1

2996181c5ac1ba583516c7fac5dd22e6e87cd857
SHA256

6a1c8fe3f496cb8cae1aa6891b96756470f004f899c2159398ebd0c8b438998b
SHA512

c505fd7763935469798bb4d1cea25b9f5c282ede03efb59edb49e0a0f539fd1a9e87f4a5998d843a1ab3e2a77e07fbb171218f6df8371ff6a069302334d8f7b2
SSDEEP

196608:B8HVH/lgXBCl6M7GXXVADSS4Ny7qXSXcAhRfRDq56E27CExF:B81/eXkkM7cGGBNpuXhhBqJ0CEH

Score

10^/10

xmrig discovery evasion exploit miner trojan

Static task

static1

Behavioral task

behavioral1

Sample

tmp.exe

Resource

win7-20221111-en

xmrig discovery evasion exploit miner trojan

windows7-x64

24 signatures

150 seconds

Behavioral task

behavioral2

Sample

tmp.exe

Resource

win10v2004-20221111-en

xmrig discovery exploit miner

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Targets

- Target
  
  tmp
- Size
  
  9.2MB
- MD5
  
  53540062e2853766764ac60dbaa4baab
- SHA1
  
  2996181c5ac1ba583516c7fac5dd22e6e87cd857
- SHA256
  
  6a1c8fe3f496cb8cae1aa6891b96756470f004f899c2159398ebd0c8b438998b
- SHA512
  
  c505fd7763935469798bb4d1cea25b9f5c282ede03efb59edb49e0a0f539fd1a9e87f4a5998d843a1ab3e2a77e07fbb171218f6df8371ff6a069302334d8f7b2
- SSDEEP
  
  196608:B8HVH/lgXBCl6M7GXXVADSS4Ny7qXSXcAhRfRDq56E27CExF:B81/eXkkM7cGGBNpuXhhBqJ0CEH
Score

10^/10

xmrig discovery evasion exploit miner trojan
- Modifies security service
  evasion
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Executes dropped EXE
- Possible privilege escalation attempt
  exploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Modifies file permissions
  discovery
- Windows security modification
  evasion trojan
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Disabling Security Tools

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xmrigdiscoveryevasionexploitminertrojan

behavioral2

xmrigdiscoveryexploitminer

© 2018-2024

Terms | Privacy