xmrig

General

Target

b4fcd911bfb553bf3495c3ef39671dc0N.exe
Size

1.9MB
Sample

240722-qds5kazcnk
MD5

b4fcd911bfb553bf3495c3ef39671dc0
SHA1

a9c93a4aaf1f2b2b38013591d796e89b8717ae4b
SHA256

946e3588a2a11d6ec63caef9779c56f9891bcc672a3c29ac0d9c844df5c4e9c6
SHA512

eb19bf5fba41571b4c68913611fb42e4318ef17295ac916ae1f92cd8a3d96ed154b2429f9cb0579130c8a6dffbdc148f7d2685673a33d1d18fbf1f5a4fdeec4f
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkUCCWvLEvjFkTVnfuDPFFWqreoYtgWqabE1y14dMPV:Lz071uv4BPMkHC0IEFTo/abRcN91M+8

Score

10^/10

Malware Config

Targets

- Target
  
  b4fcd911bfb553bf3495c3ef39671dc0N.exe
- Size
  
  1.9MB
- MD5
  
  b4fcd911bfb553bf3495c3ef39671dc0
- SHA1
  
  a9c93a4aaf1f2b2b38013591d796e89b8717ae4b
- SHA256
  
  946e3588a2a11d6ec63caef9779c56f9891bcc672a3c29ac0d9c844df5c4e9c6
- SHA512
  
  eb19bf5fba41571b4c68913611fb42e4318ef17295ac916ae1f92cd8a3d96ed154b2429f9cb0579130c8a6dffbdc148f7d2685673a33d1d18fbf1f5a4fdeec4f
- SSDEEP
  
  24576:zv3/fTLF671TilQFG4P5PMkUCCWvLEvjFkTVnfuDPFFWqreoYtgWqabE1y14dMPV:Lz071uv4BPMkHC0IEFTo/abRcN91M+8
Score

10^/10

xmrig execution miner upx
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

PowerShell

1

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

1

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

XMRig Miner payload

Blocklisted process makes network request

Command and Scripting Interpreter: PowerShell

Executes dropped EXE

Loads dropped DLL

UPX packed file

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2