xmrig

Sharing

Copy URL

Twitter E-mail

General

Target

AV (infected).zip
Size

5.8MB
Sample

241017-kqyb6atfkp
MD5

db01a1f4a92ebc8aa7c8005b403e18b6
SHA1

fc9d6c8cb192d7dd774ff66d1313a5ed1f4f494b
SHA256

e9fd75f44ea1a66857b405ac6d9c29f9542149bda25e203f025fddc6657d3c20
SHA512

6a9d544b022be0c86b31e4a7d96e553cef865c9dd0d3a4a4cabddabbd3a65636a7b8dc66e502268d969feef691726d983d8e32d8eb59be9a5471d1408106f4be
SSDEEP

98304:iQzncXhJ7rFhGMakEYF3uWqcchOMHdZs8ajAsKC3IXWKKOVkhQzgp9kaZ4sK/DL:hzcXhJ7nG032+2rHiAFC38qOOWJaZpwL

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
97.89.74.218
Port:
21
Username:
www
Password:
anonymous

Extracted

Credentials

Protocol: ftp
Host:
97.89.74.218
Port:
21
Username:
www
Password:
123456

Extracted

Credentials

Protocol: ftp
Host:
97.89.74.218
Port:
21
Username:
www
Password:
admin

Extracted

Credentials

Protocol: ftp
Host:
97.89.74.218
Port:
21
Username:
www
Password:
password

Extracted

Credentials

Protocol: ftp
Host:
97.89.74.218
Port:
21
Username:
www
Password:
root

Extracted

Credentials

Protocol: ftp
Host:
97.89.74.218
Port:
21
Username:
www
Password:
123123

Extracted

Credentials

Protocol: ftp
Host:
97.89.74.218
Port:
21
Username:
www
Password:
123

Extracted

Credentials

Protocol: ftp
Host:
97.89.74.218
Port:
21
Username:
www
Password:
pass1234

Extracted

Credentials

Protocol: ftp
Host:
97.89.74.218
Port:
21
Username:
www
Password:
www

Extracted

Credentials

Protocol: ftp
Host:
97.89.74.218
Port:
21
Username:
www
Password:
wwwwww

Extracted

Credentials

Protocol: ftp
Host:
97.89.74.218
Port:
21
Username:
www
Password:
www1

Extracted

Credentials

Protocol: ftp
Host:
97.89.74.218
Port:
21
Username:
www
Password:
www123

Extracted

Credentials

Protocol: ftp
Host:
97.89.74.218
Port:
21
Username:
www
Password:
www2016

Extracted

Credentials

Protocol: ftp
Host:
154.216.59.56
Port:
21
Username:
www
Password:
anonymous

Extracted

Credentials

Protocol: ftp
Host:
97.89.74.218
Port:
21
Username:
www
Password:
www2015

Extracted

Credentials

Protocol: ftp
Host:
97.89.74.218
Port:
21
Username:
www
Password:
www!

Extracted

Credentials

Protocol: ftp
Host:
97.89.74.218
Port:
21
Username:
www

Extracted

Credentials

Protocol: ftp
Host:
97.89.74.218
Port:
21
Username:
www
Password:
P@ssw0rd!!

Extracted

Credentials

Protocol: ftp
Host:
154.216.59.56
Port:
21
Username:
www
Password:
123456

Extracted

Credentials

Protocol: ftp
Host:
97.89.74.218
Port:
21
Username:
www
Password:
qwa123

Extracted

Credentials

Protocol: ftp
Host:
97.89.74.218
Port:
21
Username:
www
Password:
12345678

Extracted

Credentials

Protocol: ftp
Host:
97.89.74.218
Port:
21
Username:
www
Password:
test

Extracted

Credentials

Protocol: ftp
Host:
97.89.74.218
Port:
21
Username:
www
Password:
123qwe!@#

Extracted

Credentials

Protocol: ftp
Host:
191.6.223.245
Port:
21
Username:
www
Password:
anonymous

Extracted

Credentials

Protocol: ftp
Host:
191.6.223.245
Port:
21
Username:
www
Password:
123456

Extracted

Credentials

Protocol: ftp
Host:
97.89.74.218
Port:
21
Username:
www
Password:
123456789

Extracted

Credentials

Protocol: ftp
Host:
191.6.223.245
Port:
21
Username:
www
Password:
admin

Extracted

Credentials

Protocol: ftp
Host:
191.6.223.245
Port:
21
Username:
www
Password:
password

Extracted

Credentials

Protocol: ftp
Host:
97.89.74.218
Port:
21
Username:
www
Password:
123321

Extracted

Credentials

Protocol: ftp
Host:
191.6.223.245
Port:
21
Username:
www
Password:
root

Extracted

Credentials

Protocol: ftp
Host:
97.89.74.218
Port:
21
Username:
www
Password:
1314520

Extracted

Credentials

Protocol: ftp
Host:
191.6.223.245
Port:
21
Username:
www
Password:
123123

Extracted

Credentials

Protocol: ftp
Host:
191.6.223.245
Port:
21
Username:
www
Password:
123

Extracted

Credentials

Protocol: ftp
Host:
97.89.74.218
Port:
21
Username:
www
Password:
159357

Extracted

Credentials

Protocol: ftp
Host:
191.6.223.245
Port:
21
Username:
www
Password:
pass1234

Extracted

Credentials

Protocol: ftp
Host:
191.6.223.245
Port:
21
Username:
www
Password:
www

Extracted

Credentials

Protocol: ftp
Host:
97.89.74.218
Port:
21
Username:
www
Password:
www2017

Extracted

Credentials

Protocol: ftp
Host:
191.6.223.245
Port:
21
Username:
www
Password:
wwwwww

Extracted

Credentials

Protocol: ftp
Host:
97.89.74.218
Port:
21
Username:
www
Password:
666666

Extracted

Credentials

Protocol: ftp
Host:
191.6.223.245
Port:
21
Username:
www
Password:
www1

Extracted

Credentials

Protocol: ftp
Host:
191.6.223.245
Port:
21
Username:
www
Password:
www123

Extracted

Credentials

Protocol: ftp
Host:
97.89.74.218
Port:
21
Username:
www
Password:
woaini

Extracted

Credentials

Protocol: ftp
Host:
191.6.223.245
Port:
21
Username:
www

Targets

- Target
  
  AV.scr
- Size
  
  5.9MB
- MD5
  
  ca1fb1ad30189110cc225620dc537368
- SHA1
  
  bfc2de8f0b376a6f1ff1930a4f261709a27e92ec
- SHA256
  
  3fde84a46aea58ba4ddb5fb0473fc756ff209ba96b1a63a2759d13b8adc01a69
- SHA512
  
  11737f00ac297040b40cfe6879b695c9900b6b2a691e0b4e12c190ed9918179d0b7a76415d67368d3767f7d357e1c0df202af618964986f72dcbac7bfd5ace17
- SSDEEP
  
  98304:RLNSThOfTCiFBXmfFs+JhTpCVoR8oMEOJ6Ty3RvX+A0eVObApY:bBfTCiUsBVSLOJgyBG3KTp
Score

10^/10

xmrig discovery evasion miner persistence privilege_escalation pyinstaller upx
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Contacts a large (672) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Windows Firewall
  evasion
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1