xmrig | 8fc778877db2cdc8d7df6a6617aa3d0cac8e6f71daf073a5ca94d01fd570c327 | Triage

Submit
Reports

Overview

overview

Static

static

8fc778877d...27.exe

windows7-x64

8fc778877d...27.exe

windows10-2004-x64

Sharing

General

Target

8fc778877db2cdc8d7df6a6617aa3d0cac8e6f71daf073a5ca94d01fd570c327
Size

3.2MB
Sample

240522-dkz58sad6z
MD5

9ada47a5d3d0f733c561a2b386215cad
SHA1

d9c3a75a67ad6c34a081c185d0f366c90027dded
SHA256

8fc778877db2cdc8d7df6a6617aa3d0cac8e6f71daf073a5ca94d01fd570c327
SHA512

cf5f31eb32e1c79820d8040d3fef862ade2c23750104ef9af514b7b57fb0df5fb659e8b6db7a27a27c1c7d55dcce6ca047366b68ba396efd6f27a889318a401b
SSDEEP

98304:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHrWp:SbBeSFkF

Score

10^/10

xmrig execution miner persistence upx

Static task

static1

miner upx xmrig

6 signatures

Behavioral task

behavioral1

Sample

8fc778877db2cdc8d7df6a6617aa3d0cac8e6f71daf073a5ca94d01fd570c327.exe

Resource

win7-20240221-en

xmrig execution miner upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

8fc778877db2cdc8d7df6a6617aa3d0cac8e6f71daf073a5ca94d01fd570c327.exe

Resource

win10v2004-20240508-en

xmrig execution miner persistence upx

windows10-2004-x64

24 signatures

150 seconds

Malware Config

Targets

- Target
  
  8fc778877db2cdc8d7df6a6617aa3d0cac8e6f71daf073a5ca94d01fd570c327
- Size
  
  3.2MB
- MD5
  
  9ada47a5d3d0f733c561a2b386215cad
- SHA1
  
  d9c3a75a67ad6c34a081c185d0f366c90027dded
- SHA256
  
  8fc778877db2cdc8d7df6a6617aa3d0cac8e6f71daf073a5ca94d01fd570c327
- SHA512
  
  cf5f31eb32e1c79820d8040d3fef862ade2c23750104ef9af514b7b57fb0df5fb659e8b6db7a27a27c1c7d55dcce6ca047366b68ba396efd6f27a889318a401b
- SSDEEP
  
  98304:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHrWp:SbBeSFkF
Score

10^/10

xmrig execution miner upx persistence
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- Detects executables containing URLs to raw contents of a Github gist
- UPX dump on OEP (original entry point)
- XMRig Miner payload
  miner
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Modifies Installed Components in the registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

xmrigexecutionminerupx

behavioral2

xmrigexecutionminerpersistenceupx

© 2018-2024

Terms | Privacy