xmrig | c3da724b4553d2bc5bba67f525408455c99adfd4e59efe177f583dde09f11925 | Triage

Submit
Reports

Overview

overview

Static

static

e66d1d2d4a...cs.exe

windows7-x64

e66d1d2d4a...cs.exe

windows10-2004-x64

Sharing

General

Target

e66d1d2d4ac7775f583bf2063eb4bdf0_NeikiAnalytics
Size

1.5MB
Sample

240509-yvkhrafb26
MD5

e66d1d2d4ac7775f583bf2063eb4bdf0
SHA1

5364519b4c8a03898df97f0f229d0125f090b06b
SHA256

c3da724b4553d2bc5bba67f525408455c99adfd4e59efe177f583dde09f11925
SHA512

4fa684278aaa7d68cc6c04fb6365d9b46b1b86f86281c2acebdf8c69f0a189d56596efc5d06d64d9fb9200a8fcc8cc7209f15afb9e0d5f2cca728d7c7227aa46
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkibTJH+2Q/ynKeWYRLZcyZswMeQT3C1UyDOnzc+H:Lz071uv4BPMkibTIA5JnsnB9ysH

Score

10^/10

xmrig execution miner upx

Static task

static1

upx miner xmrig

4 signatures

Behavioral task

behavioral1

Sample

e66d1d2d4ac7775f583bf2063eb4bdf0_NeikiAnalytics.exe

Resource

win7-20240220-en

xmrig execution miner upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

e66d1d2d4ac7775f583bf2063eb4bdf0_NeikiAnalytics.exe

Resource

win10v2004-20240426-en

xmrig execution miner upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  e66d1d2d4ac7775f583bf2063eb4bdf0_NeikiAnalytics
- Size
  
  1.5MB
- MD5
  
  e66d1d2d4ac7775f583bf2063eb4bdf0
- SHA1
  
  5364519b4c8a03898df97f0f229d0125f090b06b
- SHA256
  
  c3da724b4553d2bc5bba67f525408455c99adfd4e59efe177f583dde09f11925
- SHA512
  
  4fa684278aaa7d68cc6c04fb6365d9b46b1b86f86281c2acebdf8c69f0a189d56596efc5d06d64d9fb9200a8fcc8cc7209f15afb9e0d5f2cca728d7c7227aa46
- SSDEEP
  
  24576:zv3/fTLF671TilQFG4P5PMkibTJH+2Q/ynKeWYRLZcyZswMeQT3C1UyDOnzc+H:Lz071uv4BPMkibTIA5JnsnB9ysH
Score

10^/10

xmrig execution miner upx
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

xmrigexecutionminerupx

behavioral2

xmrigexecutionminerupx

© 2018-2024

Terms | Privacy