xmrig | 3bc9c1d7f87f71c9e98fac63c2f10d2651f51848082a85d6b3550649e4289d56 | Triage

Submit
Reports

Overview

overview

Static

static

tmp.exe

windows7-x64

tmp.exe

windows10-2004-x64

Sharing

General

Target

tmp
Size

5.0MB
Sample

240225-pf9pnabb92
MD5

a3fb2b623f4490ae1979fea68cfe36d6
SHA1

34bec167e0f95ecc36761f77c93c1229c2c5d1f4
SHA256

3bc9c1d7f87f71c9e98fac63c2f10d2651f51848082a85d6b3550649e4289d56
SHA512

370b23364bcf8f07aa951c1c6a9d6b03b516db8fd7444d25087ad8071c54bb06fd50ce311a205e0770211167728d86516e934a39a606f0bf0c9fbdd13dca7912
SSDEEP

98304:xrd0tlZ+I89l7cGcGI4G/Mul2rq/aReDkizMeQUz4:x+tlQ4zGk/Mul2rVe4iwVU

Score

10^/10

xmrig zgrat miner rat upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

tmp.exe

Resource

win7-20240221-en

xmrig zgrat miner rat upx

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

tmp.exe

Resource

win10v2004-20240221-en

xmrig zgrat miner rat upx

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  tmp
- Size
  
  5.0MB
- MD5
  
  a3fb2b623f4490ae1979fea68cfe36d6
- SHA1
  
  34bec167e0f95ecc36761f77c93c1229c2c5d1f4
- SHA256
  
  3bc9c1d7f87f71c9e98fac63c2f10d2651f51848082a85d6b3550649e4289d56
- SHA512
  
  370b23364bcf8f07aa951c1c6a9d6b03b516db8fd7444d25087ad8071c54bb06fd50ce311a205e0770211167728d86516e934a39a606f0bf0c9fbdd13dca7912
- SSDEEP
  
  98304:xrd0tlZ+I89l7cGcGI4G/Mul2rq/aReDkizMeQUz4:x+tlQ4zGk/Mul2rVe4iwVU
Score

10^/10

xmrig zgrat miner rat upx
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scripting

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xmrigzgratminerratupx

behavioral2

xmrigzgratminerratupx

© 2018-2025

Terms | Privacy