xmrig | eea3daa9f4c7ce4a1c649661a973c663daa6d8b82fc95521ad5264a2ff05a475 | Triage

Submit
Reports

Overview

overview

Static

static

1

hurtownia2018full.sql

windows11-21h2-x64

Sharing

Copy URL Twitter E-mail

General

Target

hurtownia2018full.sql
Size

11KB
Sample

240522-p8aq2acc7z
MD5

f659bce6e2dd947f04eb35dcb0ad9fbd
SHA1

f8b5aaabcb81313af8346e1c2a6971ce968170e7
SHA256

eea3daa9f4c7ce4a1c649661a973c663daa6d8b82fc95521ad5264a2ff05a475
SHA512

7efab4fb1b2fa1be428ed89482952a34203782d7537b8bf50950b74f2ba00d98682a79b1f8a3e1ba583601c85c1711da1aa0f4d4bd06cc1ff9d5ad0e2b86d2a2
SSDEEP

192:wQyWu6PmvYXyeBsMbJOFz2PbWb6YcFgk/trCLoelA:wQy36PmvYXLT/trg7u

Score

10^/10

xmrig evasion execution miner persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

hurtownia2018full.sql

Resource

win11-20240508-en

xmrig evasion execution miner persistence upx

windows11-21h2-x64

25 signatures

150 seconds

Malware Config

Targets

- Target
  
  hurtownia2018full.sql
- Size
  
  11KB
- MD5
  
  f659bce6e2dd947f04eb35dcb0ad9fbd
- SHA1
  
  f8b5aaabcb81313af8346e1c2a6971ce968170e7
- SHA256
  
  eea3daa9f4c7ce4a1c649661a973c663daa6d8b82fc95521ad5264a2ff05a475
- SHA512
  
  7efab4fb1b2fa1be428ed89482952a34203782d7537b8bf50950b74f2ba00d98682a79b1f8a3e1ba583601c85c1711da1aa0f4d4bd06cc1ff9d5ad0e2b86d2a2
- SSDEEP
  
  192:wQyWu6PmvYXyeBsMbJOFz2PbWb6YcFgk/trCLoelA:wQy36PmvYXLT/trg7u
Score

10^/10

xmrig evasion execution miner persistence upx
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Creates new service(s)
  persistence execution
- Drops file in Drivers directory
- Stops running service(s)
  evasion execution
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

System Services

Service Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

xmrigevasionexecutionminerpersistenceupx

© 2018-2025

Terms | Privacy