xmrig | c3031bd36d177c5468c59ef675d13ac9426a973e23df9c7749fb79e98a89bdc1 | Triage

Submit
Reports

Overview

overview

Static

static

notepad.exe

windows10-1703-x64

Sharing

General

Target

notepad.exe
Size

4.6MB
Sample

230111-lcp93afe91
MD5

f91a4f2fe37f1008f8f2b0d597dbd5fa
SHA1

3293698ca35076659fbaaac4868ba57afc3e560d
SHA256

c3031bd36d177c5468c59ef675d13ac9426a973e23df9c7749fb79e98a89bdc1
SHA512

64e0815402e0b2fa2dc43b23a129c2aeb1378d589924eec3105617f1da96e00568e59dda87040e4f2c43e74410398f98d007f0fb6be8fe835e2a205b29798bc1
SSDEEP

98304:Ff2WmtHyEOQPBxeasACzue9KtecGu7YRq4AXb6nJXSTH1h+MD+xT:ktHRGasnnu0iXb6ntSWM

Score

10^/10

xmrig discovery evasion exploit miner

Static task

static1

Behavioral task

behavioral1

Sample

notepad.exe

Resource

win10-20220901-en

xmrig discovery evasion exploit miner

windows10-1703-x64

27 signatures

150 seconds

Malware Config

Targets

- Target
  
  notepad.exe
- Size
  
  4.6MB
- MD5
  
  f91a4f2fe37f1008f8f2b0d597dbd5fa
- SHA1
  
  3293698ca35076659fbaaac4868ba57afc3e560d
- SHA256
  
  c3031bd36d177c5468c59ef675d13ac9426a973e23df9c7749fb79e98a89bdc1
- SHA512
  
  64e0815402e0b2fa2dc43b23a129c2aeb1378d589924eec3105617f1da96e00568e59dda87040e4f2c43e74410398f98d007f0fb6be8fe835e2a205b29798bc1
- SSDEEP
  
  98304:Ff2WmtHyEOQPBxeasACzue9KtecGu7YRq4AXb6nJXSTH1h+MD+xT:ktHRGasnnu0iXb6ntSWM
Score

10^/10

xmrig discovery evasion exploit miner
- Modifies security service
  evasion
- Suspicious use of NtCreateUserProcessOtherParentProcess
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Drops file in Drivers directory
- Executes dropped EXE
- Possible privilege escalation attempt
  exploit
- Stops running service(s)
  evasion
- Modifies file permissions
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Impair Defenses

File Permissions Modification

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Service Stop

Tasks

static1

behavioral1

xmrigdiscoveryevasionexploitminer

© 2018-2024

Terms | Privacy