xmrig | 42b9c295089c7cf9141f5d0a40a1155cfd3627888579473f8c9b80e8e3ea1c48 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

NjRat 0.7D...23.exe

windows10-1703-x64

NjRat 0.7D...23.exe

windows10-2004-x64

Sharing

General

Target

NjRat 0.7D Green Edition by im523.exe
Size

2.5MB
Sample

240721-rndy3avgqm
MD5

db03ed78b35220d0a178d0c4cba27e76
SHA1

ba576c67c78c680e2f8c5375d294b5dbd7c3250e
SHA256

42b9c295089c7cf9141f5d0a40a1155cfd3627888579473f8c9b80e8e3ea1c48
SHA512

c272cfef5199450c903443ae3259191d1ecfd8795854e297aef36c819af8887233419b98bb54e5e5894846a1454c398991487547191c66de00881c31e6d1ae93
SSDEEP

49152:LJNiJe3T1/rgMVwPpIGGHgoQhLL2RWNbftLLQPFfO5SSOp:LJNReMVmILHg3gMQSjO

Score

10^/10

xmrig evasion execution miner persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

NjRat 0.7D Green Edition by im523.exe

Resource

win10-20240611-en

xmrig evasion execution miner persistence upx

windows10-1703-x64

11 signatures

60 seconds

Behavioral task

behavioral2

Sample

NjRat 0.7D Green Edition by im523.exe

Resource

win10v2004-20240709-en

xmrig evasion execution miner persistence upx

windows10-2004-x64

11 signatures

60 seconds

Malware Config

Targets

- Target
  
  NjRat 0.7D Green Edition by im523.exe
- Size
  
  2.5MB
- MD5
  
  db03ed78b35220d0a178d0c4cba27e76
- SHA1
  
  ba576c67c78c680e2f8c5375d294b5dbd7c3250e
- SHA256
  
  42b9c295089c7cf9141f5d0a40a1155cfd3627888579473f8c9b80e8e3ea1c48
- SHA512
  
  c272cfef5199450c903443ae3259191d1ecfd8795854e297aef36c819af8887233419b98bb54e5e5894846a1454c398991487547191c66de00881c31e6d1ae93
- SSDEEP
  
  49152:LJNiJe3T1/rgMVwPpIGGHgoQhLL2RWNbftLLQPFfO5SSOp:LJNReMVmILHg3gMQSjO
Score

10^/10

xmrig evasion execution miner persistence upx
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Creates new service(s)
  persistence execution
- Stops running service(s)
  evasion execution
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

xmrigevasionexecutionminerpersistenceupx

behavioral2

xmrigevasionexecutionminerpersistenceupx

© 2018-2025

Terms | Privacy