xmrig | e03fafd93b7e1797cd9a580e1a1dd79ddf8923f465c8a260bb72ed4cd9a47631 | Triage

Submit
Reports

Overview

overview

Static

static

7

winprofile

windows7-x64

winprofile

windows10-1703-x64

Resubmissions

08-08-2023 04:09

230808-eraplaae32 10

Sharing

General

Target

e03fafd93b7e1797cd9a580e1a1dd79ddf8923f465c8a260bb72ed4cd9a47631
Size

2.9MB
Sample

230808-eraplaae32
MD5

06419f205fc2f58d16871c91c19a4bed
SHA1

e5a21a569a93bc7afea9292ef5e829d511643f5a
SHA256

e03fafd93b7e1797cd9a580e1a1dd79ddf8923f465c8a260bb72ed4cd9a47631
SHA512

780ef8540f27752601f0fc46a505a111d321b5671328d780beb707c37c47728012a60929c69b0d7a10eef5b8fa6659dcc35f5722fa0111c230f737feb9d8590d
SSDEEP

49152:P7qA4c/WvLhRELV79su9hhYTZWOVRjhelV6SF+3djRwg5MC:P7p4cWzhk1iu9hheZWOPFelV2Oo

Score

10^/10

xmrig miner themida

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e03fafd93b7e1797cd9a580e1a1dd79ddf8923f465c8a260bb72ed4cd9a47631.exe

Resource

win7-20230712-en

windows7-x64

5 signatures

300 seconds

Behavioral task

behavioral2

Sample

e03fafd93b7e1797cd9a580e1a1dd79ddf8923f465c8a260bb72ed4cd9a47631.exe

Resource

win10-20230703-en

xmrig miner themida

windows10-1703-x64

15 signatures

300 seconds

Malware Config

Targets

- Target
  
  e03fafd93b7e1797cd9a580e1a1dd79ddf8923f465c8a260bb72ed4cd9a47631
- Size
  
  2.9MB
- MD5
  
  06419f205fc2f58d16871c91c19a4bed
- SHA1
  
  e5a21a569a93bc7afea9292ef5e829d511643f5a
- SHA256
  
  e03fafd93b7e1797cd9a580e1a1dd79ddf8923f465c8a260bb72ed4cd9a47631
- SHA512
  
  780ef8540f27752601f0fc46a505a111d321b5671328d780beb707c37c47728012a60929c69b0d7a10eef5b8fa6659dcc35f5722fa0111c230f737feb9d8590d
- SSDEEP
  
  49152:P7qA4c/WvLhRELV79su9hhYTZWOVRjhelV6SF+3djRwg5MC:P7p4cWzhk1iu9hheZWOPFelV2Oo
Score

10^/10

themida xmrig miner
- Detects DLL dropped by Raspberry Robin.
  Raspberry Robin.
- XMRig Miner payload
  miner
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

xmrigminerthemida

© 2018-2024

Terms | Privacy