xmrig

General

Target

Bootstrapper.zip
Size

4.8MB
Sample

240901-xhw6cazckb
MD5

72febed8586b32584c0ffc37ff6f571c
SHA1

186288c20c8b8881aa1af9be424821cacbea46f7
SHA256

43d7d31f381753d5e4335a10e9b068f2454536b606520ab4432b3c87528c2f82
SHA512

75b6143dc0ddcc93922da21f1afdcc15763f58160da40e1c4820bb5ca98e23cb8849535a275f15735a5b254b997ee6e530c6f23a9cd23ac5935ebebcd71d9632
SSDEEP

98304:0NXp/PGPMFO22KAB9homBja0BYpC6Ij6j381dWjmEdrsUvDVAWpubhxg0BZUZ4b:IVPGPMY3namBhXfCsgL6ULVvkTg0oY

Score

10^/10

Malware Config

Targets

- Target
  
  Bootstrapper.exe
- Size
  
  5.9MB
- MD5
  
  3b1001b7fbc3df8979b738fe0e6b2e94
- SHA1
  
  38e286d6537a5dfc8f6d780f6855619fef2c8a75
- SHA256
  
  f6b7bbef0c8a6061563078824052551b1cd7a558f22d06cd427889c0088fe498
- SHA512
  
  da96b03811b507e6a851c7a6870e9fa383a1850d0090fd7766be65d341d434e80003c1c95b2ef582462466f46f4c6074d466ef5926caa6a654d5a3581f912886
- SSDEEP
  
  98304:wyTvgk+d41nz7yiiIqFmX9//u4iYrVYtgkrEm/srjft6xU0ejqIam1mjp0AF:NTgnd8nnybIqFs9SYrVYaaE3tT09m1QB
Score

10^/10

xmrig defense_evasion discovery evasion execution miner persistence upx
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Creates new service(s)
  persistence execution
- Stops running service(s)
  evasion execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Power Settings
  powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
  persistence
behavioral1 behavioral2