xmrig | bcff459a47eedc1d7377aa23e1089918516968cef8fc4fceb9da77df9854907f | Triage

Submit
Reports

Overview

overview

Static

static

3

bcff459a47...7f.exe

windows10-1703-x64

Sharing

General

Target

bcff459a47eedc1d7377aa23e1089918516968cef8fc4fceb9da77df9854907f.exe
Size

2.6MB
Sample

240220-zdt7asfc33
MD5

34d4591575fdbde20d36469f54b0022f
SHA1

0a938faca18c4733bc5fad3b1ae8c523eebcba86
SHA256

bcff459a47eedc1d7377aa23e1089918516968cef8fc4fceb9da77df9854907f
SHA512

daf858837283aa9a7f211ecbad745640070645099cbf84a73bd4a23cd166f86a884e8156fa7e76da3d2866dd8ce8fc0e3fe6d983c90558c9a1ab5ddb29f23643
SSDEEP

49152:CrifRBLHC9vvGmkPqzwhzcVUjEBjALZSIlvPfcM/uW8/ae89VqyJBbtKn7:CrALHC9vGm6hILBjALUIlvPUM2W3e89I

Score

10^/10

xmrig evasion miner persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

bcff459a47eedc1d7377aa23e1089918516968cef8fc4fceb9da77df9854907f.exe

Resource

win10-20240214-en

xmrig evasion miner persistence upx

windows10-1703-x64

13 signatures

60 seconds

Malware Config

Targets

- Target
  
  bcff459a47eedc1d7377aa23e1089918516968cef8fc4fceb9da77df9854907f.exe
- Size
  
  2.6MB
- MD5
  
  34d4591575fdbde20d36469f54b0022f
- SHA1
  
  0a938faca18c4733bc5fad3b1ae8c523eebcba86
- SHA256
  
  bcff459a47eedc1d7377aa23e1089918516968cef8fc4fceb9da77df9854907f
- SHA512
  
  daf858837283aa9a7f211ecbad745640070645099cbf84a73bd4a23cd166f86a884e8156fa7e76da3d2866dd8ce8fc0e3fe6d983c90558c9a1ab5ddb29f23643
- SSDEEP
  
  49152:CrifRBLHC9vvGmkPqzwhzcVUjEBjALZSIlvPfcM/uW8/ae89VqyJBbtKn7:CrALHC9vGm6hILBjALUIlvPUM2W3e89I
Score

10^/10

xmrig evasion miner persistence upx
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Blocklisted process makes network request
- Creates new service(s)
  persistence
- Stops running service(s)
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

xmrigevasionminerpersistenceupx

© 2018-2024

Terms | Privacy