xmrig | 6976f75a5d03245619d1cf76029841c0a7596a3e13ec8aea5ff2a7b0063cf1bb | Triage

Submit
Reports

Overview

overview

Static

static

e6e33ab292...0N.exe

windows7-x64

e6e33ab292...0N.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

e6e33ab2926ef82ffd641a2b1e47af80N
Size

1.9MB
Sample

240912-xcedcayblr
MD5

e6e33ab2926ef82ffd641a2b1e47af80
SHA1

4ad36884a5c74cf73b1e2f9a8a605f593b099cee
SHA256

6976f75a5d03245619d1cf76029841c0a7596a3e13ec8aea5ff2a7b0063cf1bb
SHA512

cc0417e166dcaa6a51a51637cfad5458045cc2615c97e1c314bb5b7d709b4e0beb05380a6d596eb9672e4ff2d8575d1222fe021d327e7e0f4b9a270ab8224c50
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkUCCWvLEvjpbc8nJwbomvu2Nrlum7+a7EtLgCPimz+:Lz071uv4BPMkHC0IBcAUNRSa7kj5zo3b

Score

10^/10

xmrig execution miner persistence privilege_escalation upx

Static task

static1

upx miner xmrig

4 signatures

Behavioral task

behavioral1

Sample

e6e33ab2926ef82ffd641a2b1e47af80N.exe

Resource

win7-20240704-en

xmrig execution miner persistence privilege_escalation upx

windows7-x64

11 signatures

120 seconds

Behavioral task

behavioral2

Sample

e6e33ab2926ef82ffd641a2b1e47af80N.exe

Resource

win10v2004-20240802-en

xmrig execution miner upx

windows10-2004-x64

11 signatures

120 seconds

Malware Config

Targets

- Target
  
  e6e33ab2926ef82ffd641a2b1e47af80N
- Size
  
  1.9MB
- MD5
  
  e6e33ab2926ef82ffd641a2b1e47af80
- SHA1
  
  4ad36884a5c74cf73b1e2f9a8a605f593b099cee
- SHA256
  
  6976f75a5d03245619d1cf76029841c0a7596a3e13ec8aea5ff2a7b0063cf1bb
- SHA512
  
  cc0417e166dcaa6a51a51637cfad5458045cc2615c97e1c314bb5b7d709b4e0beb05380a6d596eb9672e4ff2d8575d1222fe021d327e7e0f4b9a270ab8224c50
- SSDEEP
  
  24576:zv3/fTLF671TilQFG4P5PMkUCCWvLEvjpbc8nJwbomvu2Nrlum7+a7EtLgCPimz+:Lz071uv4BPMkHC0IBcAUNRSa7kj5zo3b
Score

10^/10

xmrig execution miner persistence privilege_escalation upx
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Event Triggered Execution

Accessibility Features

Privilege Escalation

Event Triggered Execution

Accessibility Features

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

xmrigexecutionminerpersistenceprivilege_escalationupx

behavioral2

xmrigexecutionminerupx

© 2018-2025

Terms | Privacy