xmrig | b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41 | Triage

Submit
Reports

Overview

overview

Static

static

b42f1c8e33...41.exe

windows7-x64

b42f1c8e33...41.exe

windows10-2004-x64

Sharing

General

Target

b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41
Size

1.7MB
Sample

240628-b3k3xsxajj
MD5

cb4207ba094715a98495556c9525d024
SHA1

72983d9322968c3df899b3a82c6566ce7cc2df86
SHA256

b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41
SHA512

68c8975603d9e6b1ee7a909f80d706225b2436b606c6795cd68aebccbdd0a89dafddadc4eff0a6e2d12ebd1848e335e7b0e5dbe39490adef4d4fa94e6e680ce5
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkFfkeMlN675EgEPgsU5qTqOkDilK3uPpHbcMfOoQW:Lz071uv4BPMkFfdg6NsOkc2oW

Score

10^/10

xmrig execution miner persistence privilege_escalation upx

Static task

static1

upx miner xmrig

6 signatures

Behavioral task

behavioral1

Sample

b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe

Resource

win7-20240611-en

xmrig execution miner persistence privilege_escalation upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe

Resource

win10v2004-20240508-en

xmrig execution miner upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41
- Size
  
  1.7MB
- MD5
  
  cb4207ba094715a98495556c9525d024
- SHA1
  
  72983d9322968c3df899b3a82c6566ce7cc2df86
- SHA256
  
  b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41
- SHA512
  
  68c8975603d9e6b1ee7a909f80d706225b2436b606c6795cd68aebccbdd0a89dafddadc4eff0a6e2d12ebd1848e335e7b0e5dbe39490adef4d4fa94e6e680ce5
- SSDEEP
  
  24576:zv3/fTLF671TilQFG4P5PMkFfkeMlN675EgEPgsU5qTqOkDilK3uPpHbcMfOoQW:Lz071uv4BPMkFfdg6NsOkc2oW
Score

10^/10

xmrig execution miner persistence privilege_escalation upx
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- Detects executables containing URLs to raw contents of a Github gist
- UPX dump on OEP (original entry point)
- XMRig Miner payload
  miner
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Event Triggered Execution

Accessibility Features

Privilege Escalation

Event Triggered Execution

Accessibility Features

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xmrigexecutionminerpersistenceprivilege_escalationupx

behavioral2

xmrigexecutionminerupx

© 2018-2025

Terms | Privacy