xmrig

General

Target

72fcadf5196585dce72e2982da60fae6.exe
Size

6.6MB
Sample

240306-aqly1seg88
MD5

72fcadf5196585dce72e2982da60fae6
SHA1

d4c6406f3de0eb0a98ef7d33440f7a920b6e9fca
SHA256

b3df220dc7edc143d630cd47300a4f5aa5c6d0ec4940209204084bf4880fa373
SHA512

bf8dbd66a4750c1c27098128c932373f2945c9f9f745011bb3910729a40eb9b81297c0deb36a69396415288d65326c7502e54519f8bf8a01a181bbbdf67b272a
SSDEEP

196608:YFAzFI0lsRlaQVM4vtsV5iyihCKqEkQt:oAI0mFVMG4EhTqEtt

Score

10^/10

Malware Config

Targets

- Target
  
  72fcadf5196585dce72e2982da60fae6.exe
- Size
  
  6.6MB
- MD5
  
  72fcadf5196585dce72e2982da60fae6
- SHA1
  
  d4c6406f3de0eb0a98ef7d33440f7a920b6e9fca
- SHA256
  
  b3df220dc7edc143d630cd47300a4f5aa5c6d0ec4940209204084bf4880fa373
- SHA512
  
  bf8dbd66a4750c1c27098128c932373f2945c9f9f745011bb3910729a40eb9b81297c0deb36a69396415288d65326c7502e54519f8bf8a01a181bbbdf67b272a
- SSDEEP
  
  196608:YFAzFI0lsRlaQVM4vtsV5iyihCKqEkQt:oAI0mFVMG4EhTqEtt
Score

10^/10

zgrat rat upx xmrig miner spyware stealer
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2