xmrig

General

Target

3c229903cf280523f35a46813153c440N.exe
Size

1.8MB
Sample

240726-wnac4aveqq
MD5

3c229903cf280523f35a46813153c440
SHA1

06fac708f8f8adee485eeec98e994d7d18a6b922
SHA256

3171122037764780f689b5940f870b45c3a7d67aa98bfc0cec173d47d9732654
SHA512

b36d8fb1ac2bae8ecf7bf4868a0cc732ac67085d8390e824d65c9b161d4091792438d2a7f3510ae7a528fe399d29effbf39da1d7bf4bbb33c9f4cb0df215afe4
SSDEEP

49152:Lz071uv4BPMkibTIA5lCx7kvRWa4pfy+k8uX:NABa

Score

10^/10

Malware Config

Targets

- Target
  
  3c229903cf280523f35a46813153c440N.exe
- Size
  
  1.8MB
- MD5
  
  3c229903cf280523f35a46813153c440
- SHA1
  
  06fac708f8f8adee485eeec98e994d7d18a6b922
- SHA256
  
  3171122037764780f689b5940f870b45c3a7d67aa98bfc0cec173d47d9732654
- SHA512
  
  b36d8fb1ac2bae8ecf7bf4868a0cc732ac67085d8390e824d65c9b161d4091792438d2a7f3510ae7a528fe399d29effbf39da1d7bf4bbb33c9f4cb0df215afe4
- SSDEEP
  
  49152:Lz071uv4BPMkibTIA5lCx7kvRWa4pfy+k8uX:NABa
Score

10^/10

xmrig execution miner upx
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

PowerShell

1

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

1

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

XMRig Miner payload

Blocklisted process makes network request

Command and Scripting Interpreter: PowerShell

Executes dropped EXE

Loads dropped DLL

UPX packed file

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2