xmrig | ac4ec1f0338085cf15f076212941130b1d31cd81b77a1c4b88ecf727334ac6da | Triage

Sharing

General

Target

vers1.bat
Size

329B
Sample

240625-vj22wavdjm
MD5

77d59dcc9fd11db5ecdd3e67bcc0e7ea
SHA1

9e0a63f9f5441a101cb61354695514206c757be5
SHA256

ac4ec1f0338085cf15f076212941130b1d31cd81b77a1c4b88ecf727334ac6da
SHA512

6dc2657454821281c5f51a7d5d863387bd05ea0346c703178cf66dafbb09dcd8bb9895d96f1dbf370b1f8369b73a4a8ac22055994a45aa3695e7cbadfff6d14f

Score

10^/10

xmrig evasion execution miner

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://rentry.co/regele/raw

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.zip

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/nssm.zip

Targets

- Target
  
  vers1.bat
- Size
  
  329B
- MD5
  
  77d59dcc9fd11db5ecdd3e67bcc0e7ea
- SHA1
  
  9e0a63f9f5441a101cb61354695514206c757be5
- SHA256
  
  ac4ec1f0338085cf15f076212941130b1d31cd81b77a1c4b88ecf727334ac6da
- SHA512
  
  6dc2657454821281c5f51a7d5d863387bd05ea0346c703178cf66dafbb09dcd8bb9895d96f1dbf370b1f8369b73a4a8ac22055994a45aa3695e7cbadfff6d14f
Score

10^/10

xmrig evasion execution miner
- XMRig Miner payload
  miner
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- Blocklisted process makes network request
- Stops running service(s)
  evasion execution
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

xmrigevasionexecutionminer