xmrig | 4e5fbc23bbecadfc537e5f3b83d12331052289364be3b2116a1dbd0296097354 | Triage

Submit
Reports

Overview

overview

Static

static

1

SockaBlet.exe

windows7-x64

SockaBlet.exe

windows10-2004-x64

Sharing

General

Target

SockaBlet.exe
Size

2.0MB
Sample

230328-k2en7aaa62
MD5

9c84a7a992b37ae6ad3f39b8435f953c
SHA1

81c0475316d118665983b78eb7b85599fae61138
SHA256

4e5fbc23bbecadfc537e5f3b83d12331052289364be3b2116a1dbd0296097354
SHA512

d9ed4faf75450a500945a8f7de03e6086cffb2f780fc7e4bb83e40301718c8aebdd74b07fb41a1dac9165f15e7b4e02aef68312e52b9dd8f238457f4f899578d
SSDEEP

49152:EMTGvc8bU8qOJFBfqK/tuZmsXz08r+gNZTruavlOpb:EMacQVtFPOmuA8HNZTKCOp

Score

10^/10

xmrig miner upx

Static task

static1

Behavioral task

behavioral1

Sample

SockaBlet.exe

Resource

win7-20230220-en

xmrig miner upx

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

SockaBlet.exe

Resource

win10v2004-20230220-en

xmrig miner upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  SockaBlet.exe
- Size
  
  2.0MB
- MD5
  
  9c84a7a992b37ae6ad3f39b8435f953c
- SHA1
  
  81c0475316d118665983b78eb7b85599fae61138
- SHA256
  
  4e5fbc23bbecadfc537e5f3b83d12331052289364be3b2116a1dbd0296097354
- SHA512
  
  d9ed4faf75450a500945a8f7de03e6086cffb2f780fc7e4bb83e40301718c8aebdd74b07fb41a1dac9165f15e7b4e02aef68312e52b9dd8f238457f4f899578d
- SSDEEP
  
  49152:EMTGvc8bU8qOJFBfqK/tuZmsXz08r+gNZTruavlOpb:EMacQVtFPOmuA8HNZTKCOp
Score

10^/10

xmrig miner upx
- Suspicious use of NtCreateUserProcessOtherParentProcess
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy