xmrig | 267fc9dc15f2466071c23bc5dcfafa9e1f82a0f2547dd238d486c80573c583cb | Triage

Submit
Reports

Overview

overview

Static

static

72c4c0c57f...cs.exe

windows7-x64

72c4c0c57f...cs.exe

windows10-2004-x64

Sharing

General

Target

72c4c0c57f9de6920c87c4b41e51b3b0_NeikiAnalytics.exe
Size

1.7MB
Sample

240613-l2ws5stfme
MD5

72c4c0c57f9de6920c87c4b41e51b3b0
SHA1

138213830e3659e9ad2f66ea90601ae590d33da8
SHA256

267fc9dc15f2466071c23bc5dcfafa9e1f82a0f2547dd238d486c80573c583cb
SHA512

3090bcee0c9ba13b3f9b051a8ebd86ae729cc79dac2d13d8702b56af411e70fd7bdc01064cdcca1e9f17d1ad062447a67c78b76e59010654c4cae02c6899284d
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkipfzaCtNcQcAupaXHeYusCJ7MNXnHXLHmYTInhjCj:Lz071uv4BPMki8CnfLDCtW7iMj

Score

10^/10

xmrig execution miner upx

Static task

static1

upx miner xmrig

4 signatures

Behavioral task

behavioral1

Sample

72c4c0c57f9de6920c87c4b41e51b3b0_NeikiAnalytics.exe

Resource

win7-20240419-en

xmrig execution miner upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

72c4c0c57f9de6920c87c4b41e51b3b0_NeikiAnalytics.exe

Resource

win10v2004-20240226-en

xmrig execution miner upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  72c4c0c57f9de6920c87c4b41e51b3b0_NeikiAnalytics.exe
- Size
  
  1.7MB
- MD5
  
  72c4c0c57f9de6920c87c4b41e51b3b0
- SHA1
  
  138213830e3659e9ad2f66ea90601ae590d33da8
- SHA256
  
  267fc9dc15f2466071c23bc5dcfafa9e1f82a0f2547dd238d486c80573c583cb
- SHA512
  
  3090bcee0c9ba13b3f9b051a8ebd86ae729cc79dac2d13d8702b56af411e70fd7bdc01064cdcca1e9f17d1ad062447a67c78b76e59010654c4cae02c6899284d
- SSDEEP
  
  24576:zv3/fTLF671TilQFG4P5PMkipfzaCtNcQcAupaXHeYusCJ7MNXnHXLHmYTInhjCj:Lz071uv4BPMki8CnfLDCtW7iMj
Score

10^/10

xmrig execution miner upx
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

xmrigexecutionminerupx

behavioral2

xmrigexecutionminerupx

© 2018-2024

Terms | Privacy