xmrig | 6719fdbc85d2dfdcf5d9b974fa569005a4e2aaf2265b42ab229ee3ad5c2c044a | Triage

Submit
Reports

Overview

overview

Static

static

06516ad9fc...0N.exe

windows7-x64

06516ad9fc...0N.exe

windows10-2004-x64

Sharing

General

Target

06516ad9fcffe9f9a960872ce004c430N.exe
Size

3.2MB
Sample

240801-1ewbesxaqj
MD5

06516ad9fcffe9f9a960872ce004c430
SHA1

fe0ccc5f9abe502f5e400923736dbe1a894f209e
SHA256

6719fdbc85d2dfdcf5d9b974fa569005a4e2aaf2265b42ab229ee3ad5c2c044a
SHA512

19de159c930f9dd07adf8868c4ce1081934de0cad11eeba2046e24d633068641c4c9ebdf1836e6502a16d28243f8af7a462a5e28fec80177e8d08c2755436700
SSDEEP

98304:71ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHrWD:7bBeSFkX

Score

10^/10

xmrig execution miner persistence upx

Static task

static1

miner upx xmrig

4 signatures

Behavioral task

behavioral1

Sample

06516ad9fcffe9f9a960872ce004c430N.exe

Resource

win7-20240708-en

xmrig execution miner upx

windows7-x64

10 signatures

120 seconds

Behavioral task

behavioral2

Sample

06516ad9fcffe9f9a960872ce004c430N.exe

Resource

win10v2004-20240730-en

xmrig execution miner persistence upx

windows10-2004-x64

17 signatures

120 seconds

Malware Config

Targets

- Target
  
  06516ad9fcffe9f9a960872ce004c430N.exe
- Size
  
  3.2MB
- MD5
  
  06516ad9fcffe9f9a960872ce004c430
- SHA1
  
  fe0ccc5f9abe502f5e400923736dbe1a894f209e
- SHA256
  
  6719fdbc85d2dfdcf5d9b974fa569005a4e2aaf2265b42ab229ee3ad5c2c044a
- SHA512
  
  19de159c930f9dd07adf8868c4ce1081934de0cad11eeba2046e24d633068641c4c9ebdf1836e6502a16d28243f8af7a462a5e28fec80177e8d08c2755436700
- SSDEEP
  
  98304:71ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHrWD:7bBeSFkX
Score

10^/10

xmrig execution miner upx persistence
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Blocklisted process makes network request
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Active Setup

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

xmrigexecutionminerupx

behavioral2

xmrigexecutionminerpersistenceupx

© 2018-2025

Terms | Privacy