xmrig | f91e4ff7811a5848561463d970c51870c9299a80117a89fb86a698b9f727de87 | Triage

Submit
Reports

Overview

overview

Static

static

1

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

General

Target

latestX.exe
Size

5.6MB
Sample

231010-fqkc3sdb36
MD5

bae29e49e8190bfbbf0d77ffab8de59d
SHA1

4a6352bb47c7e1666a60c76f9b17ca4707872bd9
SHA256

f91e4ff7811a5848561463d970c51870c9299a80117a89fb86a698b9f727de87
SHA512

9e6cf6519e21143f9b570a878a5ca1bba376256217c34ab676e8d632611d468f277a0d6f946ab8705121002d96a89274f38458affe3df3a3a1c75e336d7d66e2
SSDEEP

49152:MMcDmMRlBdzs3EThgR0uEqBXLdcJAbtNmbOHaGhEospqOziZXAfrrARS7JL2ozPX:dcdrCET8XeospuZXAf0EJyocDKIVDT05

Score

10^/10

xmrig evasion miner

Static task

static1

Behavioral task

behavioral1

Sample

latestX.exe

Resource

win7-20230831-en

xmrig evasion miner

windows7-x64

19 signatures

300 seconds

Behavioral task

behavioral2

Sample

latestX.exe

Resource

win10-20230915-en

xmrig evasion miner

windows10-1703-x64

17 signatures

300 seconds

Malware Config

Targets

- Target
  
  latestX.exe
- Size
  
  5.6MB
- MD5
  
  bae29e49e8190bfbbf0d77ffab8de59d
- SHA1
  
  4a6352bb47c7e1666a60c76f9b17ca4707872bd9
- SHA256
  
  f91e4ff7811a5848561463d970c51870c9299a80117a89fb86a698b9f727de87
- SHA512
  
  9e6cf6519e21143f9b570a878a5ca1bba376256217c34ab676e8d632611d468f277a0d6f946ab8705121002d96a89274f38458affe3df3a3a1c75e336d7d66e2
- SSDEEP
  
  49152:MMcDmMRlBdzs3EThgR0uEqBXLdcJAbtNmbOHaGhEospqOziZXAfrrARS7JL2ozPX:dcdrCET8XeospuZXAf0EJyocDKIVDT05
Score

10^/10

xmrig evasion miner
- Suspicious use of NtCreateUserProcessOtherParentProcess
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Drops file in Drivers directory
- Stops running service(s)
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Impair Defenses

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

xmrigevasionminer

behavioral2

xmrigevasionminer

© 2018-2025

Terms | Privacy