xmrig | da6e6cc88243db08b8d63a7cfbfda36d3f98684b4e3b669f807b8b3f4536779b | Triage

Submit
Reports

Overview

overview

Static

static

1

da6e6cc882...9b.exe

windows7-x64

da6e6cc882...9b.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

da6e6cc88243db08b8d63a7cfbfda36d3f98684b4e3b669f807b8b3f4536779b
Size

5.1MB
Sample

231120-mmqt1sfc99
MD5

a7372c36c845147ba0bb4caff8997bc4
SHA1

7637709465b766a4f3c1cf9c9e0c04cf776567a4
SHA256

da6e6cc88243db08b8d63a7cfbfda36d3f98684b4e3b669f807b8b3f4536779b
SHA512

55f4801386ca5ed3ddac7c97e52991b7c5ed13649920c537b61579e69ea06ca1a3e98c35aae767ef59ae4e2d9ff0b05c2cbaff68bd653bc9ec9f86d1457930ff
SSDEEP

98304:EGMD04y4suYiVEpvYXmP7PpFYf2DlZHK/3BykfDfitACArN5+0vSLIeAR:EaSwqsYf2DlZHK/By2f+FArNw0vWIeAR

Score

10^/10

xmrig evasion miner persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

da6e6cc88243db08b8d63a7cfbfda36d3f98684b4e3b669f807b8b3f4536779b.exe

Resource

win7-20231023-en

xmrig evasion miner persistence upx

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

da6e6cc88243db08b8d63a7cfbfda36d3f98684b4e3b669f807b8b3f4536779b.exe

Resource

win10v2004-20231020-en

xmrig evasion miner persistence upx

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  da6e6cc88243db08b8d63a7cfbfda36d3f98684b4e3b669f807b8b3f4536779b
- Size
  
  5.1MB
- MD5
  
  a7372c36c845147ba0bb4caff8997bc4
- SHA1
  
  7637709465b766a4f3c1cf9c9e0c04cf776567a4
- SHA256
  
  da6e6cc88243db08b8d63a7cfbfda36d3f98684b4e3b669f807b8b3f4536779b
- SHA512
  
  55f4801386ca5ed3ddac7c97e52991b7c5ed13649920c537b61579e69ea06ca1a3e98c35aae767ef59ae4e2d9ff0b05c2cbaff68bd653bc9ec9f86d1457930ff
- SSDEEP
  
  98304:EGMD04y4suYiVEpvYXmP7PpFYf2DlZHK/3BykfDfitACArN5+0vSLIeAR:EaSwqsYf2DlZHK/By2f+FArNw0vWIeAR
Score

10^/10

xmrig evasion miner persistence upx
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Creates new service(s)
  persistence
- Drops file in Drivers directory
- Stops running service(s)
  evasion
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

xmrigevasionminerpersistenceupx

behavioral2

xmrigevasionminerpersistenceupx

© 2018-2025

Terms | Privacy