xmrig | d6350d8a664b3585108ee2b6f04f031d478e97a53962786b18e4780a3ca3da60 | Triage

Submit
Reports

Overview

overview

Static

static

d6350d8a66...60.exe

windows7-x64

d6350d8a66...60.exe

windows10-2004-x64

Sharing

General

Target

d6350d8a664b3585108ee2b6f04f031d478e97a53962786b18e4780a3ca3da60.exe
Size

9.0MB
Sample

240615-cpn34azcjn
MD5

a2af48a018c65d34b445bd35bdd1b597
SHA1

76daedc184a0cb9a717fc49f86a57b5baed0a35c
SHA256

d6350d8a664b3585108ee2b6f04f031d478e97a53962786b18e4780a3ca3da60
SHA512

d8def07a8accdb65b6b9dfc3168981b600a78310ec06cb626fcd000e7bcc4627ff5be7fc9f26992838226d84982ddd470d9ac89e041727e72b738a61bec61319
SSDEEP

196608:rhHMBGC3PtXtT+Was8ywq1wo9JoYx5JAMdJOnZTG1IvQSaKe6NZOn:r2G0jwuwasMdJOnZKVSaaNZOn

Score

10^/10

xmrig miner persistence upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

d6350d8a664b3585108ee2b6f04f031d478e97a53962786b18e4780a3ca3da60.exe

Resource

win7-20231129-en

xmrig miner persistence upx

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

d6350d8a664b3585108ee2b6f04f031d478e97a53962786b18e4780a3ca3da60.exe

Resource

win10v2004-20240611-en

xmrig miner persistence upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  d6350d8a664b3585108ee2b6f04f031d478e97a53962786b18e4780a3ca3da60.exe
- Size
  
  9.0MB
- MD5
  
  a2af48a018c65d34b445bd35bdd1b597
- SHA1
  
  76daedc184a0cb9a717fc49f86a57b5baed0a35c
- SHA256
  
  d6350d8a664b3585108ee2b6f04f031d478e97a53962786b18e4780a3ca3da60
- SHA512
  
  d8def07a8accdb65b6b9dfc3168981b600a78310ec06cb626fcd000e7bcc4627ff5be7fc9f26992838226d84982ddd470d9ac89e041727e72b738a61bec61319
- SSDEEP
  
  196608:rhHMBGC3PtXtT+Was8ywq1wo9JoYx5JAMdJOnZTG1IvQSaKe6NZOn:r2G0jwuwasMdJOnZKVSaaNZOn
Score

10^/10

xmrig miner persistence upx
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- Detects Windows executables referencing non-Windows User-Agents
- UPX dump on OEP (original entry point)
- XMRig Miner payload
  miner
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xmrigminerpersistenceupx

behavioral2

xmrigminerpersistenceupx

© 2018-2024

Terms | Privacy