xmrig | 216af63fedbf9379d7d2f6b52eb81d3b19a1310fa0cb365a6121788b2b48baa0 | Triage

Submit
Reports

Overview

overview

Static

static

216af63fed...a0.exe

windows7-x64

216af63fed...a0.exe

windows10-2004-x64

Sharing

General

Target

216af63fedbf9379d7d2f6b52eb81d3b19a1310fa0cb365a6121788b2b48baa0
Size

5.3MB
Sample

240112-2y8ljagbh5
MD5

f0615222efdb2699a7d869641bcf7eab
SHA1

e346c26ede7d5e6e97bc5f9578a3c7dc5853e4af
SHA256

216af63fedbf9379d7d2f6b52eb81d3b19a1310fa0cb365a6121788b2b48baa0
SHA512

d0a817eeaa3ecd507e778fc1422a0989d116d0d635d976924681176e17e9d7a38f1d9963954def8892bf9483ba6de989595114e2da009281e2b2489796e34a16
SSDEEP

49152:+a2+8ZkbcfOPIMmuv2d2cWfGmsQZ0Wf8f8QlWuWzVjnbXGp8mih7NUfXUu4tEqN5:+aTX1HlUUdG/Mul2rq/aReDkizMeQUa

Score

10^/10

xmrig zgrat miner rat upx

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

216af63fedbf9379d7d2f6b52eb81d3b19a1310fa0cb365a6121788b2b48baa0.exe

Resource

win7-20231215-en

xmrig zgrat miner rat upx

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

216af63fedbf9379d7d2f6b52eb81d3b19a1310fa0cb365a6121788b2b48baa0.exe

Resource

win10v2004-20231222-en

xmrig zgrat miner rat upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  216af63fedbf9379d7d2f6b52eb81d3b19a1310fa0cb365a6121788b2b48baa0
- Size
  
  5.3MB
- MD5
  
  f0615222efdb2699a7d869641bcf7eab
- SHA1
  
  e346c26ede7d5e6e97bc5f9578a3c7dc5853e4af
- SHA256
  
  216af63fedbf9379d7d2f6b52eb81d3b19a1310fa0cb365a6121788b2b48baa0
- SHA512
  
  d0a817eeaa3ecd507e778fc1422a0989d116d0d635d976924681176e17e9d7a38f1d9963954def8892bf9483ba6de989595114e2da009281e2b2489796e34a16
- SSDEEP
  
  49152:+a2+8ZkbcfOPIMmuv2d2cWfGmsQZ0Wf8f8QlWuWzVjnbXGp8mih7NUfXUu4tEqN5:+aTX1HlUUdG/Mul2rq/aReDkizMeQUa
Score

10^/10

xmrig zgrat miner rat upx
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Uses the VBS compiler for execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scripting

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xmrigzgratminerratupx

behavioral2

xmrigzgratminerratupx

© 2018-2025

Terms | Privacy