xmrig | 50b50beee2174d403ddba91f4f0b13d8e754ed2f979ad7c60baeb6617249bb30 | Triage

Submit
Reports

Overview

overview

Static

static

3

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

General

Target

50b50beee2174d403ddba91f4f0b13d8e754ed2f979ad7c60baeb6617249bb30
Size

6.4MB
Sample

231231-2ayreshga8
MD5

2eafb4926d78feb0b61d5b995d0fe6ee
SHA1

f6e75678f1dafcb18408452ea948b9ad51b5d83e
SHA256

50b50beee2174d403ddba91f4f0b13d8e754ed2f979ad7c60baeb6617249bb30
SHA512

1885f5874c44a6841be4d53140ad63304e8d1924bb98fe14602d884fbc289ec8913db772a9e2db93e45298d1328700e2000ddab109af3964eaf6f23af61ef78e
SSDEEP

196608:1pznZ/ySos+NnrlQ5jrNoIgDJ0I6x/oAP:1pDZk9LQ5vNdeJ0IC

Score

10^/10

xmrig evasion miner persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

50b50beee2174d403ddba91f4f0b13d8e754ed2f979ad7c60baeb6617249bb30.exe

Resource

win7-20231129-en

xmrig evasion miner persistence

windows7-x64

13 signatures

300 seconds

Behavioral task

behavioral2

Sample

50b50beee2174d403ddba91f4f0b13d8e754ed2f979ad7c60baeb6617249bb30.exe

Resource

win10-20231215-en

xmrig evasion miner persistence

windows10-1703-x64

12 signatures

300 seconds

Malware Config

Targets

- Target
  
  50b50beee2174d403ddba91f4f0b13d8e754ed2f979ad7c60baeb6617249bb30
- Size
  
  6.4MB
- MD5
  
  2eafb4926d78feb0b61d5b995d0fe6ee
- SHA1
  
  f6e75678f1dafcb18408452ea948b9ad51b5d83e
- SHA256
  
  50b50beee2174d403ddba91f4f0b13d8e754ed2f979ad7c60baeb6617249bb30
- SHA512
  
  1885f5874c44a6841be4d53140ad63304e8d1924bb98fe14602d884fbc289ec8913db772a9e2db93e45298d1328700e2000ddab109af3964eaf6f23af61ef78e
- SSDEEP
  
  196608:1pznZ/ySos+NnrlQ5jrNoIgDJ0I6x/oAP:1pDZk9LQ5vNdeJ0IC
Score

10^/10

xmrig evasion miner persistence
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Creates new service(s)
  persistence
- Stops running service(s)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Resource Development

Reconnaissance

Tasks

static1

behavioral1

xmrigevasionminerpersistence

behavioral2

xmrigevasionminerpersistence

© 2018-2024

Terms | Privacy