xmrig | 8f4c3348423dbc5dadff663216b4b015109535a06e5a81fb7cb3993a90ff26c5 | Triage

Submit
Reports

Overview

overview

Static

static

3

3554553.exe

windows7-x64

3554553.exe

windows10-2004-x64

Sharing

General

Target

3554553.exe
Size

4.5MB
Sample

231225-vlthhsdbb6
MD5

25a1e0a4d436eea408e79a07f45ff684
SHA1

da6fbf78868b855451769fb1255f7c2cdef66ace
SHA256

8f4c3348423dbc5dadff663216b4b015109535a06e5a81fb7cb3993a90ff26c5
SHA512

f7d17b6ce23042d30d9f9bad91684e627b1f8f9bb79ec2c67c3b79791f5444a2fabdcccee48ef3335df3a262060a7300d32aa81a36a1e48fc4299b6668e91df5
SSDEEP

98304:pKF6T4Y6cTie8X081BO2hVvXMtld70frtH1EOq+kYc6EPGo7v4+uT:QFrdSiekO2XvXMtld7WkYc6EC+uT

Score

10^/10

xmrig evasion miner persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

3554553.exe

Resource

win7-20231215-en

xmrig evasion miner persistence upx

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

3554553.exe

Resource

win10v2004-20231215-en

xmrig evasion miner persistence upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  3554553.exe
- Size
  
  4.5MB
- MD5
  
  25a1e0a4d436eea408e79a07f45ff684
- SHA1
  
  da6fbf78868b855451769fb1255f7c2cdef66ace
- SHA256
  
  8f4c3348423dbc5dadff663216b4b015109535a06e5a81fb7cb3993a90ff26c5
- SHA512
  
  f7d17b6ce23042d30d9f9bad91684e627b1f8f9bb79ec2c67c3b79791f5444a2fabdcccee48ef3335df3a262060a7300d32aa81a36a1e48fc4299b6668e91df5
- SSDEEP
  
  98304:pKF6T4Y6cTie8X081BO2hVvXMtld70frtH1EOq+kYc6EPGo7v4+uT:QFrdSiekO2XvXMtld7WkYc6EC+uT
Score

10^/10

xmrig evasion miner persistence upx
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Creates new service(s)
  persistence
- Stops running service(s)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

xmrigevasionminerpersistenceupx

behavioral2

xmrigevasionminerpersistenceupx

© 2018-2025

Terms | Privacy