xmrig | fb7940fb9fbbd1ae588cf0b8f9111ac8d73d9f63d7f94c9d31371ad6c8d223df | Triage

Submit
Reports

Overview

overview

Static

static

1

Game.exe

windows10-1703-x64

PASSWORD=1234.txt

windows10-1703-x64

1

READ ME.txt

windows10-1703-x64

1

Sharing

Copy URL Twitter E-mail

General

Target

Game_v3.1.zip
Size

35.7MB
Sample

230210-pfvwhafh5v
MD5

c1f2527521e548fcecda3a4fb40da420
SHA1

030b245fce92bc9499430ca8c7a1b1f784c40eca
SHA256

fb7940fb9fbbd1ae588cf0b8f9111ac8d73d9f63d7f94c9d31371ad6c8d223df
SHA512

b9c9e8f35c8cee6f629a64cc79b5e116103f63a0169fad7d3dd07ad08aa27cefe1047acbde692691adb36f1670c4cb946468c0919330cb9838ed9fad718a9fbf
SSDEEP

786432:VBET/kyUMAYbjl/QVfQSunvZblK7dKDW4CJ4:dv3YbjlAv2JYdKDBCO

Score

10^/10

xmrig evasion miner upx vmprotect

Static task

static1

Behavioral task

behavioral1

Sample

Game.exe

Resource

win10-20220901-es

xmrig evasion miner upx vmprotect

windows10-1703-x64

26 signatures

300 seconds

Behavioral task

behavioral2

Sample

PASSWORD=1234.txt

Resource

win10-20220901-es

windows10-1703-x64

0 signatures

300 seconds

Behavioral task

behavioral3

Sample

READ ME.txt

Resource

win10-20220812-es

windows10-1703-x64

0 signatures

300 seconds

Malware Config

Targets

- Target
  
  Game.exe
- Size
  
  457.8MB
- MD5
  
  7f803515e3151567225437ad4ef820ea
- SHA1
  
  bc3041125156ed5233f91ee6e022c874c5dbf984
- SHA256
  
  e49a05f2d5a9124a4754f42970fa53f8ca1c35dbb15e3eab40aba87658db623d
- SHA512
  
  cbe53a7760fab262703a4f42d8f8165ce58b6d75b915c042752cd4d084893669d1e60b8afd0746c0874bb68941a094a5176a5d68535374fca218fc4df62eca5a
- SSDEEP
  
  196608:vKfSLf7zCVNQf4wzG9Nz/kPShRbQoyTwQ:6IXC+y9tkPShNF0
Score

10^/10

xmrig evasion miner upx vmprotect
- Modifies security service
  evasion
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Drops file in Drivers directory
- Stops running service(s)
  evasion
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1
- Target
  
  PASSWORD=1234.txt
- Size
  
  28.0MB
- MD5
  
  038d6837950b00608738564a7a2a98a5
- SHA1
  
  d2be181db01c02c5974c6191459c68420b1fab5a
- SHA256
  
  3eafef0ecceafb94b5de0d13800b2335384855d27d01da9db6053548eac662fb
- SHA512
  
  464fb72cc973d1fa46b1a61f5345f287bc7fb9a94b9998605fecb9b31aa440860746758eaf292ca531bd38ad8ecd0aa60061dea78ad372e3e765f6ea84a08d9e
- SSDEEP
  
  786432:QDIk8TJT7yJt6Sths80gsfUAIqYC5p99amI:9BleRjRoUSM
Score

1^/10
behavioral2
- Target
  
  READ ME.txt
- Size
  
  158B
- MD5
  
  dbbf1a4bec7fc01f85475cb1bce209d4
- SHA1
  
  c5e089a0007624146daa4a7d77e6674ae252f3ca
- SHA256
  
  78ae2acbd23b6c16d081d17178476ff8db322c0e00ce840af27e470e0a77beba
- SHA512
  
  548697ad1064b5328c0d29daf76ecc04b64f5e424a3b2787491f053a87b3a9d816474c75395841336c02e6692c572b57adfd193423e2120a6842a75d03f3d604
Score

1^/10
behavioral3

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Impair Defenses

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

xmrigevasionminerupxvmprotect

behavioral2

behavioral3

© 2018-2025

Terms | Privacy