xmrig | cacc0261ccf7578ef5c1f9fdbe35705ad91070d020a4225e05cbf71a6103ac8e | Triage

Submit
Reports

Overview

overview

Static

static

1

qM5GMXBk6hJE6Y5e.exe

windows7-x64

qM5GMXBk6hJE6Y5e.exe

windows10-2004-x64

Resubmissions

04-04-2023 20:34

230404-zcjzyabg6x 10

02-04-2023 00:00

230402-aagz5ade69 1

31-03-2023 23:20

230331-3brvyaff6w 10

31-03-2023 22:39

230331-2k417aea63 10

Sharing

General

Target

qM5GMXBk6hJE6Y5e.exe
Size

2.0MB
Sample

230331-3brvyaff6w
MD5

a16a669a09bf158058b83e04e69fe38e
SHA1

f6c94763850d9e590d86057139e8895a7aacdeea
SHA256

cacc0261ccf7578ef5c1f9fdbe35705ad91070d020a4225e05cbf71a6103ac8e
SHA512

658b52ad1d27becee5b5bbd443d43da38b88d49880e72c8cb843f176a2d84d571b39c34dbc7cfb7ea56acc548acc5b68cce47a8bcf9d173feec031f7e33a09c6
SSDEEP

49152:rWVipAxqo5p88CbXuxWQiSJU320ZW21Q0YWAij64ane6szjmL/45:rxAEcp9ueXit9WAQ0YWuO

Score

10^/10

xmrig miner upx

Static task

static1

Behavioral task

behavioral1

Sample

qM5GMXBk6hJE6Y5e.exe

Resource

win7-20230220-en

xmrig miner upx

windows7-x64

17 signatures

1800 seconds

Behavioral task

behavioral2

Sample

qM5GMXBk6hJE6Y5e.exe

Resource

win10v2004-20230221-en

xmrig miner upx

windows10-2004-x64

14 signatures

1800 seconds

Malware Config

Targets

- Target
  
  qM5GMXBk6hJE6Y5e.exe
- Size
  
  2.0MB
- MD5
  
  a16a669a09bf158058b83e04e69fe38e
- SHA1
  
  f6c94763850d9e590d86057139e8895a7aacdeea
- SHA256
  
  cacc0261ccf7578ef5c1f9fdbe35705ad91070d020a4225e05cbf71a6103ac8e
- SHA512
  
  658b52ad1d27becee5b5bbd443d43da38b88d49880e72c8cb843f176a2d84d571b39c34dbc7cfb7ea56acc548acc5b68cce47a8bcf9d173feec031f7e33a09c6
- SSDEEP
  
  49152:rWVipAxqo5p88CbXuxWQiSJU320ZW21Q0YWAij64ane6szjmL/45:rxAEcp9ueXit9WAQ0YWuO
Score

10^/10

xmrig miner upx
- Suspicious use of NtCreateUserProcessOtherParentProcess
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy