xmrig | 54d75b69a448bda4dedb9e6fe3335d7c2457e0d0264c7c457cca17364c970eca | Triage

Submit
Reports

Overview

overview

Static

static

54d75b69a4...ca.exe

windows7-x64

54d75b69a4...ca.exe

windows10-2004-x64

Sharing

General

Target

54d75b69a448bda4dedb9e6fe3335d7c2457e0d0264c7c457cca17364c970eca
Size

1.8MB
Sample

240613-2xextsxgmp
MD5

f4f69f2d004a582e6530e18087d13df7
SHA1

4490eabb249b77d8aa18d3b366cba0674a7f147b
SHA256

54d75b69a448bda4dedb9e6fe3335d7c2457e0d0264c7c457cca17364c970eca
SHA512

7977dfdec7f85c172e90a48bacc000d3b68d72febb00967f410ddea94838c42b396a366993b920c8a5be15664887b7a87f263ce0f0bc2ca3c59dbe0b5b7b4d2d
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkyW1HU/ek5Q1szp5NnNvZWNChZ7fI+7RrTFl6hvVjC:Lz071uv4BPMkyW10/w16BvZX71Fq86zM

Score

10^/10

xmrig execution miner upx

Static task

static1

upx miner xmrig

6 signatures

Behavioral task

behavioral1

Sample

54d75b69a448bda4dedb9e6fe3335d7c2457e0d0264c7c457cca17364c970eca.exe

Resource

win7-20240508-en

xmrig execution miner upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

54d75b69a448bda4dedb9e6fe3335d7c2457e0d0264c7c457cca17364c970eca.exe

Resource

win10v2004-20240508-en

xmrig execution miner upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  54d75b69a448bda4dedb9e6fe3335d7c2457e0d0264c7c457cca17364c970eca
- Size
  
  1.8MB
- MD5
  
  f4f69f2d004a582e6530e18087d13df7
- SHA1
  
  4490eabb249b77d8aa18d3b366cba0674a7f147b
- SHA256
  
  54d75b69a448bda4dedb9e6fe3335d7c2457e0d0264c7c457cca17364c970eca
- SHA512
  
  7977dfdec7f85c172e90a48bacc000d3b68d72febb00967f410ddea94838c42b396a366993b920c8a5be15664887b7a87f263ce0f0bc2ca3c59dbe0b5b7b4d2d
- SSDEEP
  
  24576:zv3/fTLF671TilQFG4P5PMkyW1HU/ek5Q1szp5NnNvZWNChZ7fI+7RrTFl6hvVjC:Lz071uv4BPMkyW10/w16BvZX71Fq86zM
Score

10^/10

xmrig execution miner upx
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- Detects executables containing URLs to raw contents of a Github gist
- UPX dump on OEP (original entry point)
- XMRig Miner payload
  miner
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

xmrigexecutionminerupx

behavioral2

xmrigexecutionminerupx

© 2018-2024

Terms | Privacy