xmrig

General

Target

NL.zip
Size

172.0MB
Sample

230326-v3sbsahd58
MD5

fa7108428e6781a0e8e63a5edd4f3075
SHA1

363c7a39afc9469853ba20b74f7e715b5a1a935f
SHA256

1cff7f7bbf34b9dfba1e13670ffe26330a5c8ac90ea6f58cbd6b18595ceee62a
SHA512

ffe1388c51f16724654b75dba892a345c9266cb9da8fb7cf5c46290b4ce1d28a8bc47dcf901a8b65784cfe75157f932fe876a77f3cbd4a1052167cf00e6c785c
SSDEEP

3145728:j1iuONlSOmr4dLnhFK1iuONlSOmr4dLnhFT1iuONlSOmr4dLnhF41iuONlSOmr4D:B0o9r4dLU0o9r4dL50o9r4dLS0o9r4d5

Score

10^/10

Malware Config

Targets

- Target
  
  NL/FDERF.exe
- Size
  
  53.0MB
- MD5
  
  5c4eecf00e9f6e0222c205c3dc327bb8
- SHA1
  
  2188e4b277e214364804a4ffcef23017a769722f
- SHA256
  
  2fa065de1468413ea4f909f527e4b7d03bca047c5d4adf1dfa7ade9155ad84e3
- SHA512
  
  0b1761d562484cf54a43599e84836b595dc948f86ecc438ef9bfcb9a30d40e0e51046ff4e3a1d30516971fe92ccb233d0f06613ff17695f9075185effc77db39
- SSDEEP
  
  786432:rZxRmsqYJysNiakCKIqHMzvX67SvdZiF4QI7rR8pUvlQ6Pb:dqYJysNiakCKJHMzvX6ofQAKpUdQ6
Score

10^/10

xmrig evasion miner upx
- Modifies security service
  evasion
- Suspicious use of NtCreateUserProcessOtherParentProcess
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Stops running service(s)
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1
- Target
  
  NL/miDDner.exe
- Size
  
  53.0MB
- MD5
  
  5c4eecf00e9f6e0222c205c3dc327bb8
- SHA1
  
  2188e4b277e214364804a4ffcef23017a769722f
- SHA256
  
  2fa065de1468413ea4f909f527e4b7d03bca047c5d4adf1dfa7ade9155ad84e3
- SHA512
  
  0b1761d562484cf54a43599e84836b595dc948f86ecc438ef9bfcb9a30d40e0e51046ff4e3a1d30516971fe92ccb233d0f06613ff17695f9075185effc77db39
- SSDEEP
  
  786432:rZxRmsqYJysNiakCKIqHMzvX67SvdZiF4QI7rR8pUvlQ6Pb:dqYJysNiakCKJHMzvX6ofQAKpUdQ6
Score

10^/10

xmrig evasion miner upx
- Modifies security service
  evasion
- Suspicious use of NtCreateUserProcessOtherParentProcess
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Stops running service(s)
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral2
- Target
  
  NL/minDer.exe
- Size
  
  53.0MB
- MD5
  
  5c4eecf00e9f6e0222c205c3dc327bb8
- SHA1
  
  2188e4b277e214364804a4ffcef23017a769722f
- SHA256
  
  2fa065de1468413ea4f909f527e4b7d03bca047c5d4adf1dfa7ade9155ad84e3
- SHA512
  
  0b1761d562484cf54a43599e84836b595dc948f86ecc438ef9bfcb9a30d40e0e51046ff4e3a1d30516971fe92ccb233d0f06613ff17695f9075185effc77db39
- SSDEEP
  
  786432:rZxRmsqYJysNiakCKIqHMzvX67SvdZiF4QI7rR8pUvlQ6Pb:dqYJysNiakCKJHMzvX6ofQAKpUdQ6
Score

10^/10

xmrig evasion miner upx
- Modifies security service
  evasion
- Suspicious use of NtCreateUserProcessOtherParentProcess
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Stops running service(s)
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral3
- Target
  
  NL/miner.exe
- Size
  
  53.0MB
- MD5
  
  5c4eecf00e9f6e0222c205c3dc327bb8
- SHA1
  
  2188e4b277e214364804a4ffcef23017a769722f
- SHA256
  
  2fa065de1468413ea4f909f527e4b7d03bca047c5d4adf1dfa7ade9155ad84e3
- SHA512
  
  0b1761d562484cf54a43599e84836b595dc948f86ecc438ef9bfcb9a30d40e0e51046ff4e3a1d30516971fe92ccb233d0f06613ff17695f9075185effc77db39
- SSDEEP
  
  786432:rZxRmsqYJysNiakCKIqHMzvX67SvdZiF4QI7rR8pUvlQ6Pb:dqYJysNiakCKJHMzvX6ofQAKpUdQ6
Score

10^/10

xmrig evasion miner upx
- Modifies security service
  evasion
- Suspicious use of NtCreateUserProcessOtherParentProcess
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Stops running service(s)
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral4
- Target
  
  NL/wefwf.exe
- Size
  
  53.0MB
- MD5
  
  5c4eecf00e9f6e0222c205c3dc327bb8
- SHA1
  
  2188e4b277e214364804a4ffcef23017a769722f
- SHA256
  
  2fa065de1468413ea4f909f527e4b7d03bca047c5d4adf1dfa7ade9155ad84e3
- SHA512
  
  0b1761d562484cf54a43599e84836b595dc948f86ecc438ef9bfcb9a30d40e0e51046ff4e3a1d30516971fe92ccb233d0f06613ff17695f9075185effc77db39
- SSDEEP
  
  786432:rZxRmsqYJysNiakCKIqHMzvX67SvdZiF4QI7rR8pUvlQ6Pb:dqYJysNiakCKJHMzvX6ofQAKpUdQ6
Score

10^/10

xmrig evasion miner upx
- Modifies security service
  evasion
- Suspicious use of NtCreateUserProcessOtherParentProcess
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Stops running service(s)
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral5

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

2

T1031

Privilege Escalation

Defense Evasion

Impair Defenses

Modify Registry

Credential Access

Discovery

Query Registry

1

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

1

T1489

Tasks

Sharing

General

Malware Config

Targets

Modifies security service

Suspicious use of NtCreateUserProcessOtherParentProcess

XMRig Miner payload

Stops running service(s)

Executes dropped EXE

UPX packed file

Drops file in System32 directory

Suspicious use of SetThreadContext

Modifies security service

Suspicious use of NtCreateUserProcessOtherParentProcess

xmrig

XMRig Miner payload

Stops running service(s)

Executes dropped EXE

UPX packed file

Drops file in System32 directory

Suspicious use of SetThreadContext

Modifies security service

Suspicious use of NtCreateUserProcessOtherParentProcess

xmrig

XMRig Miner payload

Stops running service(s)

Executes dropped EXE

UPX packed file

Drops file in System32 directory

Suspicious use of SetThreadContext

Modifies security service

Suspicious use of NtCreateUserProcessOtherParentProcess

xmrig

XMRig Miner payload

Stops running service(s)

Executes dropped EXE

UPX packed file

Drops file in System32 directory

Suspicious use of SetThreadContext

Modifies security service

Suspicious use of NtCreateUserProcessOtherParentProcess

xmrig

XMRig Miner payload

Stops running service(s)

Executes dropped EXE

UPX packed file

Drops file in System32 directory

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5