xmrig | b95fdb4a4b5303fda5264c1879f3ad1c847d7fea4c924e7aef7e5248f5796054 | Triage

Submit
Reports

Overview

overview

Static

static

3

final1.exe

windows10-1703-x64

Sharing

General

Target

final1.EXE
Size

36.9MB
Sample

240528-shpn2shh3x
MD5

4e463f20f2fd3d53e026b543af7cf6d5
SHA1

d682f9e49845b855a7b16c584b528e13fcd3fbd6
SHA256

b95fdb4a4b5303fda5264c1879f3ad1c847d7fea4c924e7aef7e5248f5796054
SHA512

94e7ea55e96ce1118abd283473e66dedc933d7b6bf10713e3da4db5fa91bba3ca0a61580f01213c62282c7b272855c8c8b43e2f3fa410339349676f8d6eaf6de
SSDEEP

786432:iwVo2WemvOTIVQKzugWcr9YIZUduYvcbFfSmMCqCKncs9Zllz:iNemvOTI2KzjqDduYEpts7

Score

10^/10

xmrig evasion execution miner persistence pyinstaller upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

final1.exe

Resource

win10-20240404-en

xmrig evasion execution miner persistence pyinstaller upx

windows10-1703-x64

20 signatures

60 seconds

Malware Config

Targets

- Target
  
  final1.EXE
- Size
  
  36.9MB
- MD5
  
  4e463f20f2fd3d53e026b543af7cf6d5
- SHA1
  
  d682f9e49845b855a7b16c584b528e13fcd3fbd6
- SHA256
  
  b95fdb4a4b5303fda5264c1879f3ad1c847d7fea4c924e7aef7e5248f5796054
- SHA512
  
  94e7ea55e96ce1118abd283473e66dedc933d7b6bf10713e3da4db5fa91bba3ca0a61580f01213c62282c7b272855c8c8b43e2f3fa410339349676f8d6eaf6de
- SSDEEP
  
  786432:iwVo2WemvOTIVQKzugWcr9YIZUduYvcbFfSmMCqCKncs9Zllz:iNemvOTI2KzjqDduYEpts7
Score

10^/10

xmrig evasion execution miner persistence pyinstaller upx
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Creates new service(s)
  persistence execution
- Stops running service(s)
  evasion execution
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

System Services

Service Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

xmrigevasionexecutionminerpersistencepyinstallerupx

© 2018-2024

Terms | Privacy