xmrig | 28fd45fe63a9d33806d6f6632ab2deb7b7d0f2b63c414cd32bb0c6003c00e7d4 | Triage

Sharing

General

Target

28fd45fe63a9d33806d6f6632ab2deb7b7d0f2b63c414cd32bb0c6003c00e7d4
Size

1020KB
Sample

230212-17ffnsgc6w
MD5

95f974f3f605ddb8640c3b82954b18f6
SHA1

627680d6c609441f62e07d5fa175ba393f3d02b2
SHA256

28fd45fe63a9d33806d6f6632ab2deb7b7d0f2b63c414cd32bb0c6003c00e7d4
SHA512

fa5222b272f9e0a977421d37f34bcc8230895d59c8943ca82f2508e7fc0c7010f674273030ffa196f31f061ccaf1a7284f849dc1a5daca8b0cbeb0cc8211a2a8
SSDEEP

6144:Rja7F1ydho0YxRRtvapRI5AOWMa6Tm5td3F9QCmDbovRzAl8l:k7F1ydho1F5PsBl

Score

10^/10

xmrig miner

Malware Config

Targets

- Target
  
  28fd45fe63a9d33806d6f6632ab2deb7b7d0f2b63c414cd32bb0c6003c00e7d4
- Size
  
  1020KB
- MD5
  
  95f974f3f605ddb8640c3b82954b18f6
- SHA1
  
  627680d6c609441f62e07d5fa175ba393f3d02b2
- SHA256
  
  28fd45fe63a9d33806d6f6632ab2deb7b7d0f2b63c414cd32bb0c6003c00e7d4
- SHA512
  
  fa5222b272f9e0a977421d37f34bcc8230895d59c8943ca82f2508e7fc0c7010f674273030ffa196f31f061ccaf1a7284f849dc1a5daca8b0cbeb0cc8211a2a8
- SSDEEP
  
  6144:Rja7F1ydho0YxRRtvapRI5AOWMa6Tm5td3F9QCmDbovRzAl8l:k7F1ydho1F5PsBl
Score

10^/10

xmrig miner
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Uses the VBS compiler for execution
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Scripting

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Scripting

Web Service

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2