xmrig

Sharing

Copy URL

Twitter E-mail

General

Target

SlayerRAT v0.7.2 By X-Slayer.zip
Size

9.5MB
Sample

230327-1g4etahd4w
MD5

007e1548c6fe6c998b0c10150854d7a5
SHA1

893d8f6befcd14bcfa83d0abd9e13d0c6a5a540b
SHA256

041186833ff7faa7bf99819f8471659ae622a7d2285138cd611b53b63dab12a9
SHA512

43456382353f6bc32b4d29bb1038b74ae6f98dc707fd6193b6ae51f9325b9e2f6fbee084d9cf379ca5136d2bef4df60bbec706180e4e30241c5b7896cd86435d
SSDEEP

196608:ZM909r6cb95JpVAPfXpRtI6MwUOLDvmDJKGDd5TrynVfH4Kj3:ZSkl3WfZRtI0LDyDdCVf/j3

Score

10^/10

Malware Config

Targets

- Target
  
  SlayerRAT v0.7.2 By X-Slayer/Mono.Cecil.dll
- Size
  
  305KB
- MD5
  
  851ec9d84343fbd089520d420348a902
- SHA1
  
  f8e2a80130058e4db3cf569cf4297d07d05c93e0
- SHA256
  
  cdadc26c09f869e21053ee1a0acf3b2d11df8edd599fe9c377bd4d3ce1c9cda9
- SHA512
  
  5e1d1b953fda4a905749eff8c4133a164748ba08c4854348539d335cf53c873eae7c653807a2701bf307693a049ae6c523bd1497a8e659bdea0a71085a58a5f1
- SSDEEP
  
  6144:ueMQM/aMOZabe3h1PtRjAqmYVNf3yTXcYBbt6KMBhu:uF/aMDb8BtRjA7XcYNclB
Score

1^/10
behavioral1
- Target
  
  SlayerRAT v0.7.2 By X-Slayer/Plugin/cam.dll
- Size
  
  62KB
- MD5
  
  92eaa039cf7a25fb72ab1328032312f1
- SHA1
  
  436ecf46f1d7f67dd42f617de305164bb7da4e06
- SHA256
  
  f7625119de43a747129977ae4bcb9a38a3bb49453afb1eafa3afaf2bc7308c05
- SHA512
  
  62d3e26c655024badd98f1238ec1bbb193265f0481e2422c98f8524b38863c711e76be4e88f0cce7a1777a97033095a55d17dfa8586166df4b76d34191a346b0
- SSDEEP
  
  768:umgpxrJnKYUEwHGHUrvpIKqpZ1KyJRnuPCFK12epzNLs4seBK8hwvy9xf2zRa:7gPr+BLxI1p/lJOwKUepz5B7hwyezR
Score

1^/10
behavioral2
- Target
  
  SlayerRAT v0.7.2 By X-Slayer/Plugin/ch.dll
- Size
  
  13KB
- MD5
  
  fe74fcca56c8af93cfddd90275d58c93
- SHA1
  
  715be3ac12ea3d0914712332cf42dc5ed5ffcdb6
- SHA256
  
  830aa905b8dfe782ab6805b215cfdbd196212b8b7c532367233b43cacb969057
- SHA512
  
  587ee6305f5573a0459aa0cb751323938d2fbfd0eff8bea5e68d8c1c8dec15479cad575b26b51cef196c8cd35dbd12b72c4a5e3aa3860b6cddc8aee5c2e1ad62
- SSDEEP
  
  192:E1FflYgFIcTqmlUPyzvPlaj9E5v7o0llm8+NpnfNXNz/sgly:E1plYeIcmmC6zvIO5zo0bm8+/fNXNz
Score

1^/10
behavioral3
- Target
  
  SlayerRAT v0.7.2 By X-Slayer/Plugin/fm.dll
- Size
  
  13KB
- MD5
  
  91a9dcec684402b8697a0925e25a93b3
- SHA1
  
  cd404ca95d787178aa313187a6c7cbbab6f09883
- SHA256
  
  16685b8330897a0a1834ec01a1df0d32515d980708938e2a8aa95c30e0f63751
- SHA512
  
  923603ed3d9d1512954d3bc6405bee3e179d0f8d43a9d502c5c24125b9b3f7f5696670cc020e87fbeec19cea1a98fc97e7ae8c92bc61a6f11835337474ed2edc
- SSDEEP
  
  192:5+Iq6/NI46SlCixgSuNBOnfHWmlVk40l:5x/NIrSlY3ifHWmlVk4c
Score

1^/10
behavioral4
- Target
  
  SlayerRAT v0.7.2 By X-Slayer/Plugin/proc.dll
- Size
  
  8KB
- MD5
  
  37a001713fc1cd8c36c0ac4494174b46
- SHA1
  
  44b216a81f139b62feef0de9c88f5ad69bfda675
- SHA256
  
  925644e109f6b83819636dea98b01da560c8d73e84d758d716d9a8b80cb456e1
- SHA512
  
  a74d25ad8eeb94542a1175bdf6699bbf87a9b868e13347730d70ae07fe46a1bd7acefe509e2618fb8b64f83b9559110246f92aa907b22ce129974672b1db18d4
- SSDEEP
  
  96:faiuHfG6ZWpOTytLPdDJonpoa1tgtpQmnLD6nPVJYXQvIO3BihJNnU8ZS4A3lc4:fa1RWgMNUR78a0D6nPTjIyi9nY1jK9
Score

1^/10
behavioral5
- Target
  
  SlayerRAT v0.7.2 By X-Slayer/Plugin/pw.dll
- Size
  
  37KB
- MD5
  
  4ee1a499e903cd0cb561682b4eb68a91
- SHA1
  
  a35866ff36a7ec0a226b8f814f3642185742020e
- SHA256
  
  efa05a4bb42843236ba64393be0cb5ff073baa9c71b308cfb052b2e317ac8715
- SHA512
  
  00def300ecd4c4e257bc1e7c67f6b9851853f54fc51c1da734f5927a140f4405baa10f7a6fa333013aa7cc8683cbaf14bf290d78618041955590710803c7e7f7
- SSDEEP
  
  768:mNdzkF9F2SbQiRbb34cEyiJ3nfSgT2VY:mNdgF9k4R/34cxkag0Y
Score

1^/10
behavioral6
- Target
  
  SlayerRAT v0.7.2 By X-Slayer/Plugin/sc2.dll
- Size
  
  10KB
- MD5
  
  991a4e7febfbc4b6c2a3690f21064d43
- SHA1
  
  3eeea51c435159aaed5032bfe0b190669982fb49
- SHA256
  
  f6124b65c05d8361d0803b776c41ce944774eedb54c3128dbaef7078aa0f3870
- SHA512
  
  115c4c607237559f13798b69eb8e8e92d1eb698214fdbe1371b8061f8152e555a48901313b895c93476cb182e3f817fbd8c2a9f60ee81be26aa2bd4439a3353f
- SSDEEP
  
  192:FFhbTt3N/FlmfPTA67nFKaPs6v/4jnJMq3OdiW:zblaz7FKaPtv/4rJRb
Score

1^/10
behavioral7
- Target
  
  SlayerRAT v0.7.2 By X-Slayer/SlayerRAT v 0.7.2x.exe
- Size
  
  9.8MB
- MD5
  
  b214730ed4335d0311311760b13b449b
- SHA1
  
  f09083acc3e33e383ddd4c22f3d765143840de01
- SHA256
  
  f190342610f6f690d6c8fe5cd75fa60a3129a2aa55c42c47d016aa068dbd0427
- SHA512
  
  e68120b78b849794bd952fb24e9b9f7248523a9580977420fd707b45610de73bb51ed7fa09eb4441087e7926c06ff0f588c3d030a190529b2bc0548fb64d80a9
- SSDEEP
  
  196608:vJWQV/GQDd3JjPOVXRzPHGMy4AcV7jWlJeQJf/p/oLJlJQ+N:BWQVr5uX5PHGMV7kJfMJlPN
Score

10^/10

xmrig evasion miner
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops file in System32 directory
behavioral8
- Target
  
  SlayerRAT v0.7.2 By X-Slayer/Stub.exe
- Size
  
  52KB
- MD5
  
  657dd4a924f163a0eb584827437e512f
- SHA1
  
  118047b78043a6abd3c644e18dc65a63616c9aa8
- SHA256
  
  ef91e64b9cf910f90b8a075c87721bb46ab13cc6845697bb06c0754a98378728
- SHA512
  
  fbc8058bf05b1d5b89039a40ab11c36d0bfdfb3af65e39d32225857f1045ff33547624a4205957e7b5dce3abe0264f1a20098f73db5d7359971a9fd48025675b
- SSDEEP
  
  1536:jiBAendYsO5yQshvQjEBvS470xb2IZhVLWx:uasGXLWx
Score

4^/10
behavioral9
- Target
  
  SlayerRAT v0.7.2 By X-Slayer/Stubdownload.exe
- Size
  
  18KB
- MD5
  
  b99ff62f03bf846189fe7a8b2ce6311e
- SHA1
  
  32a84ace75bc9ef68f0edfb303412bc93b5a3967
- SHA256
  
  b8a1f340423a7c8c32c364c61208b094fbd4ba05aee0dacb8d9d04584334dfc7
- SHA512
  
  06c5e15a4bf9ee483c2d62856fc72183b124c2c5e7ff07d6b35d0ad1355e9af6ee87785d874617b6119c22d2f6cac3a23da60465aad4b342255d2ba63c801254
- SSDEEP
  
  384:fvOrJRG3cJ4ev4KGa49O4RUx+LR2m/ti+FDo:3iRG3cJw5BBiyo
Score

4^/10
behavioral10

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

T1053

Persistence

Modify Existing Service

T1031

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

XMRig Miner payload

Modifies Windows Firewall

Checks computer location settings

Executes dropped EXE

Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10