xmrig | 4ac45e3ec2140badf92ca9034666474504cad8615efc90fbd406360a71be6723 | Triage

Submit
Reports

Overview

overview

Static

static

3

qrehadfoimfm_mal.exe

windows7-x64

5

qrehadfoimfm_mal.exe

windows10-2004-x64

Sharing

General

Target

qrehadfoimfm_mal.exe
Size

5.4MB
Sample

240423-vzabssac38
MD5

5cafa46103ed17c0ba864f5d7c5c1cdd
SHA1

ab1a1ce8553774c82f0b2de57500baef74d223c5
SHA256

4ac45e3ec2140badf92ca9034666474504cad8615efc90fbd406360a71be6723
SHA512

5239b03c325ff9c825600f5c85d6bde492be95ef564a6e343441371af7ddbc871d9ebb401b3327b3be15ad8cb1d336f8fe3c4f954b3afb37443d24a0797a3930
SSDEEP

98304:5LRQhMkUoS3e9PRkWi1p2bw+tEBV4XbtDLAFCLecWIAZS2HdhmC7KODkk6Qow:JS2bBkpkL2bw+tEBVMDLAFCChInihn+g

Score

10^/10

xmrig evasion miner persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

qrehadfoimfm_mal.exe

Resource

win7-20240215-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

qrehadfoimfm_mal.exe

Resource

win10v2004-20240412-en

xmrig evasion miner persistence

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  qrehadfoimfm_mal.exe
- Size
  
  5.4MB
- MD5
  
  5cafa46103ed17c0ba864f5d7c5c1cdd
- SHA1
  
  ab1a1ce8553774c82f0b2de57500baef74d223c5
- SHA256
  
  4ac45e3ec2140badf92ca9034666474504cad8615efc90fbd406360a71be6723
- SHA512
  
  5239b03c325ff9c825600f5c85d6bde492be95ef564a6e343441371af7ddbc871d9ebb401b3327b3be15ad8cb1d336f8fe3c4f954b3afb37443d24a0797a3930
- SSDEEP
  
  98304:5LRQhMkUoS3e9PRkWi1p2bw+tEBV4XbtDLAFCLecWIAZS2HdhmC7KODkk6Qow:JS2bBkpkL2bw+tEBVMDLAFCChInihn+g
Score

10^/10

xmrig evasion miner persistence
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Creates new service(s)
  persistence
- Stops running service(s)
  evasion
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

xmrigevasionminerpersistence

© 2018-2024

Terms | Privacy