xmrig | fef75dbf20c3ba832b5ed9d057f26e61915501bae7c1e11c367793546c7713aa | Triage

Submit
Reports

Overview

overview

Static

static

1

installer.exe

windows7-x64

installer.exe

windows10-2004-x64

Sharing

General

Target

installer.exe
Size

4.3MB
Sample

230316-wa5xvacb63
MD5

ccaffcd12dcb30adb5250f30026ecd1e
SHA1

4048dc71db497f641a4f35eb00ac3c163c394978
SHA256

fef75dbf20c3ba832b5ed9d057f26e61915501bae7c1e11c367793546c7713aa
SHA512

a196e58aaff3f68e15df0de667541d103c78d0f8cf114ff3f5770444de1a30b0dc46c4d0dcafbc8bd81538660d401c57dc18de8b6b3769b81cc4e8ff7f316286
SSDEEP

98304:w1XNI4kmUg+DgxP1Wrj3DIIs0LHhjwSKVjV3:w9NInmUg5xqX/sCHhj7K5p

Score

10^/10

xmrig discovery evasion exploit miner

Static task

static1

Behavioral task

behavioral1

Sample

installer.exe

Resource

win7-20230220-en

discovery evasion exploit

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

installer.exe

Resource

win10v2004-20230220-en

xmrig discovery evasion exploit miner

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  installer.exe
- Size
  
  4.3MB
- MD5
  
  ccaffcd12dcb30adb5250f30026ecd1e
- SHA1
  
  4048dc71db497f641a4f35eb00ac3c163c394978
- SHA256
  
  fef75dbf20c3ba832b5ed9d057f26e61915501bae7c1e11c367793546c7713aa
- SHA512
  
  a196e58aaff3f68e15df0de667541d103c78d0f8cf114ff3f5770444de1a30b0dc46c4d0dcafbc8bd81538660d401c57dc18de8b6b3769b81cc4e8ff7f316286
- SSDEEP
  
  98304:w1XNI4kmUg+DgxP1Wrj3DIIs0LHhjwSKVjV3:w9NInmUg5xqX/sCHhj7K5p
Score

10^/10

discovery evasion exploit xmrig miner
- Modifies security service
  evasion
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Possible privilege escalation attempt
  exploit
- Stops running service(s)
  evasion
- Executes dropped EXE
- Modifies file permissions
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Impair Defenses

File Permissions Modification

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Service Stop

Tasks

static1

behavioral1

discoveryevasionexploit

behavioral2

xmrigdiscoveryevasionexploitminer

© 2018-2024

Terms | Privacy