xmrig | 5827d439da4c6728c49d4d6e3377ddcb37254c6a478a8df7bbd7c2c2f392fb71 | Triage

Submit
Reports

Overview

overview

Static

static

3

f61b5f5f25...18.exe

windows7-x64

f61b5f5f25...18.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

f61b5f5f259f47b3638f43aeb8e7a745_JaffaCakes118
Size

1.7MB
Sample

240925-qnmersxepq
MD5

f61b5f5f259f47b3638f43aeb8e7a745
SHA1

1aac7b282c121d231a595a753912290d40bde606
SHA256

5827d439da4c6728c49d4d6e3377ddcb37254c6a478a8df7bbd7c2c2f392fb71
SHA512

c830e17a5c53e7cedd5da092445d0bcdd1a1245c1bd7d0d560808899023f6d0f5d1d441d0db4be76211fc00ee5628334b14b250a4f3320540280c5f86ea39eab
SSDEEP

24576:rmoO8itEqfZLNlddoSQD4yviVtkJPCk63eSrLLT85/8UrU3RXJgC2HMkUM1BIbFN:qvZLNlwTcyviIPEtLL45/8UrMRqfAKml

Score

10^/10

xmrig discovery miner persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f61b5f5f259f47b3638f43aeb8e7a745_JaffaCakes118.exe

Resource

win7-20240903-en

xmrig discovery miner persistence

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

f61b5f5f259f47b3638f43aeb8e7a745_JaffaCakes118.exe

Resource

win10v2004-20240802-en

xmrig discovery miner persistence

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  f61b5f5f259f47b3638f43aeb8e7a745_JaffaCakes118
- Size
  
  1.7MB
- MD5
  
  f61b5f5f259f47b3638f43aeb8e7a745
- SHA1
  
  1aac7b282c121d231a595a753912290d40bde606
- SHA256
  
  5827d439da4c6728c49d4d6e3377ddcb37254c6a478a8df7bbd7c2c2f392fb71
- SHA512
  
  c830e17a5c53e7cedd5da092445d0bcdd1a1245c1bd7d0d560808899023f6d0f5d1d441d0db4be76211fc00ee5628334b14b250a4f3320540280c5f86ea39eab
- SSDEEP
  
  24576:rmoO8itEqfZLNlddoSQD4yviVtkJPCk63eSrLLT85/8UrU3RXJgC2HMkUM1BIbFN:qvZLNlwTcyviIPEtLL45/8UrMRqfAKml
Score

10^/10

xmrig discovery miner persistence
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Cryptocurrency Miner
  Makes network request to known mining pool URL.
  miner
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xmrigdiscoveryminerpersistence

behavioral2

xmrigdiscoveryminerpersistence

© 2018-2025

Terms | Privacy