xmrig | 8b08682286aac6ac2b38570964164e4b0d3911732342720618a80839819c5590 | Triage

Submit
Reports

Overview

overview

Static

static

67156fef93...cs.exe

windows7-x64

67156fef93...cs.exe

windows10-2004-x64

Sharing

General

Target

67156fef93c776c4ae165b546ed4e360_NeikiAnalytics.exe
Size

1.5MB
Sample

240523-bay43sfg47
MD5

67156fef93c776c4ae165b546ed4e360
SHA1

eec8bead030aec7badccec67f23b6e797d5ba7fa
SHA256

8b08682286aac6ac2b38570964164e4b0d3911732342720618a80839819c5590
SHA512

71c2578a56a8a486b4f9688c10046b755f5fdc40119b46ff0e2fc08daffbe9e392ced2cc2e29d6a41a47f1b1cc75d5addc9775e4f464f60cfcc2a2cc9c9d90fe
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkUCCWvLEvjuJoz5XdUK6S1uBkJMtQXd:Lz071uv4BPMkHC0I6Gz3N1pIO

Score

10^/10

xmrig execution miner upx

Static task

static1

upx miner xmrig

4 signatures

Behavioral task

behavioral1

Sample

67156fef93c776c4ae165b546ed4e360_NeikiAnalytics.exe

Resource

win7-20240221-en

xmrig execution miner upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

67156fef93c776c4ae165b546ed4e360_NeikiAnalytics.exe

Resource

win10v2004-20240508-en

xmrig execution miner upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  67156fef93c776c4ae165b546ed4e360_NeikiAnalytics.exe
- Size
  
  1.5MB
- MD5
  
  67156fef93c776c4ae165b546ed4e360
- SHA1
  
  eec8bead030aec7badccec67f23b6e797d5ba7fa
- SHA256
  
  8b08682286aac6ac2b38570964164e4b0d3911732342720618a80839819c5590
- SHA512
  
  71c2578a56a8a486b4f9688c10046b755f5fdc40119b46ff0e2fc08daffbe9e392ced2cc2e29d6a41a47f1b1cc75d5addc9775e4f464f60cfcc2a2cc9c9d90fe
- SSDEEP
  
  24576:zv3/fTLF671TilQFG4P5PMkUCCWvLEvjuJoz5XdUK6S1uBkJMtQXd:Lz071uv4BPMkHC0I6Gz3N1pIO
Score

10^/10

xmrig execution miner upx
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

xmrigexecutionminerupx

behavioral2

xmrigexecutionminerupx

© 2018-2024

Terms | Privacy