xmrig

General

Target

bd4f0d1fca038b6d7744a9c8b397bc53.bin
Size

4.7MB
Sample

230502-ckwx5shd69
MD5

f19597b598f65824cae47b7214d34ff6
SHA1

9ea46c7687f7e3a9028045bca189d36cbf7048a7
SHA256

33ea3291888e65cd2787c30b6fca559f77c6039e8d003d04be5d1d03632de3c8
SHA512

94c84365cb45bc202fd52782ff73ceba46933da70c8909fd983a36cfe3cb5dd6ffc24e2c4fc2fc03d3db711120b483ce2d396cf31b0b83e8aeb03b51e2d08f6a
SSDEEP

49152:mjhTGW/Y5MuKMXJJZmVGXM3Sgg6au6nQS7:ml6MuK+mxDXaT57

Score

10^/10

xmrig miner

Malware Config

Targets

- Target
  
  ntask.exe
- Size
  
  424.9MB
- MD5
  
  01acd528a1667196a0ad033a07434def
- SHA1
  
  4d9f342f615390ce65fe0bba3394a75124438a19
- SHA256
  
  726df5e4dbc4649d29ead6c0600c20ffd0a1a304207ae0f419a73c3b57fe8249
- SHA512
  
  7a5ac4af98ea1e2f27b20babf76e1e9a44e7ea9f247dddfa69f6b3ae159c9ad82c6f5e6791b3023cedbb9842e302de974c61b820e95d56ce7b5147947ce463b4
- SSDEEP
  
  49152:YiycrWBo+A5snqekfdvlDrCeTtavT1jwMRkoFGdPZVKxg5zpKqQ3DSM0+Co:Yt3Oc
Score

10^/10

xmrig miner
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  ntask.exe
- Size
  
  424.9MB
- MD5
  
  01acd528a1667196a0ad033a07434def
- SHA1
  
  4d9f342f615390ce65fe0bba3394a75124438a19
- SHA256
  
  726df5e4dbc4649d29ead6c0600c20ffd0a1a304207ae0f419a73c3b57fe8249
- SHA512
  
  7a5ac4af98ea1e2f27b20babf76e1e9a44e7ea9f247dddfa69f6b3ae159c9ad82c6f5e6791b3023cedbb9842e302de974c61b820e95d56ce7b5147947ce463b4
- SSDEEP
  
  49152:YiycrWBo+A5snqekfdvlDrCeTtavT1jwMRkoFGdPZVKxg5zpKqQ3DSM0+Co:Yt3Oc
Score

10^/10

xmrig miner
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral3 behavioral4