xmrig | 388de88bdd7a04e719487b10de6103ded5c88e354f8c269e012901884ee7527d | Triage

Submit
Reports

Overview

overview

Static

static

3

50b50beee2...30.exe

windows7-x64

50b50beee2...30.exe

windows10-2004-x64

Sharing

General

Target

2eafb4926d78feb0b61d5b995d0fe6ee.bin
Size

6.1MB
Sample

240122-bg8bbsdbdp
MD5

ac7dd01188d1ea555cfdb2711f5cb215
SHA1

7b7018f974c328bdc41820417f629612bdb24959
SHA256

388de88bdd7a04e719487b10de6103ded5c88e354f8c269e012901884ee7527d
SHA512

75b10acf8455a7fc112722119883dfd89b0debf3978f3f9ce7282c131014283efe6a3bf1309aca33c1862941a0bec1144295979b855a0c19255eac7a84b5581a
SSDEEP

196608:Syw7WU9PRFw/xAF1fyaFC+4K5jV1eWmjTri2Su:gL9ZeuFoaFC+z5jVITri2Su

Score

10^/10

xmrig evasion miner persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

50b50beee2174d403ddba91f4f0b13d8e754ed2f979ad7c60baeb6617249bb30.exe

Resource

win7-20231129-en

xmrig evasion miner persistence

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

50b50beee2174d403ddba91f4f0b13d8e754ed2f979ad7c60baeb6617249bb30.exe

Resource

win10v2004-20231222-en

xmrig evasion miner persistence

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  50b50beee2174d403ddba91f4f0b13d8e754ed2f979ad7c60baeb6617249bb30.exe
- Size
  
  6.4MB
- MD5
  
  2eafb4926d78feb0b61d5b995d0fe6ee
- SHA1
  
  f6e75678f1dafcb18408452ea948b9ad51b5d83e
- SHA256
  
  50b50beee2174d403ddba91f4f0b13d8e754ed2f979ad7c60baeb6617249bb30
- SHA512
  
  1885f5874c44a6841be4d53140ad63304e8d1924bb98fe14602d884fbc289ec8913db772a9e2db93e45298d1328700e2000ddab109af3964eaf6f23af61ef78e
- SSDEEP
  
  196608:1pznZ/ySos+NnrlQ5jrNoIgDJ0I6x/oAP:1pDZk9LQ5vNdeJ0IC
Score

10^/10

xmrig evasion miner persistence
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Creates new service(s)
  persistence
- Stops running service(s)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

xmrigevasionminerpersistence

behavioral2

xmrigevasionminerpersistence

© 2018-2024

Terms | Privacy