xmrig

Sharing

Copy URL

Twitter E-mail

General

Target

Melonity.zip
Size

108.4MB
Sample

241120-pqt2yswrhs
MD5

4b7a6685c322a80905f97dc48d5ddd63
SHA1

d73c47519789b7fc15617f456a226c037de098a0
SHA256

bc87c85e306f1da4f9d76d95628f7de1c85ed04d5fdf8b0b9c13793df4bd1b28
SHA512

1b72ce640f5d75748b7fa9646fa4ce46bf93c47ad14e13255871949e8e13bdd1f631a68214d9146652e3d94bd2d60c2108f5c33f98dbf676e42e54c73c98946e
SSDEEP

3145728:ZgfAMui7AZazd0/CZN/5ygfAMui7AZazd0/CZt5KJ:ZgruSAZs8SZYgruSAZs8S3KJ

Score

10^/10

Malware Config

Targets

- Target
  
  Melonity.zip
- Size
  
  108.4MB
- MD5
  
  4b7a6685c322a80905f97dc48d5ddd63
- SHA1
  
  d73c47519789b7fc15617f456a226c037de098a0
- SHA256
  
  bc87c85e306f1da4f9d76d95628f7de1c85ed04d5fdf8b0b9c13793df4bd1b28
- SHA512
  
  1b72ce640f5d75748b7fa9646fa4ce46bf93c47ad14e13255871949e8e13bdd1f631a68214d9146652e3d94bd2d60c2108f5c33f98dbf676e42e54c73c98946e
- SSDEEP
  
  3145728:ZgfAMui7AZazd0/CZN/5ygfAMui7AZazd0/CZt5KJ:ZgruSAZs8SZYgruSAZs8S3KJ
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  Melonity.exe
- Size
  
  820.2MB
- MD5
  
  3748e8faccd83df8fd0726ea0f37393e
- SHA1
  
  17027754d68d721836978dfc4f7757028d5de0e8
- SHA256
  
  6634600592598534aba76342f50f051971a403c35f87134693208a8af71d275b
- SHA512
  
  29ab9c09532ab813758c0975aea9e3cae9a939b1a38120492ac19c3decbbba47532fb98515a16281ca25150da604493bb988ed7fcd7a45119a39a071b011c6db
- SSDEEP
  
  98304:CSYl+O1E/Uo8EoT9AfvDm+CIUzwNhiDbY1UaV/:CS7Uo/bfyhIUziUbIU+
Score

10^/10

discovery xmrig evasion execution miner persistence upx
- Xmrig family
  xmrig
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Creates new service(s)
  persistence execution
- Stops running service(s)
  evasion execution
- Executes dropped EXE
- Loads dropped DLL
- Power Settings
  powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
  persistence
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral3 behavioral4
- Target
  
  Qt5WebEngineCore.dll
- Size
  
  108.6MB
- MD5
  
  c3b619ac876e44f74692612c8757585a
- SHA1
  
  3256dfc390cafa0a276679bfad5ad9fdee103210
- SHA256
  
  7db1cc70873e9fc05bc644c02f074824669a2b8c1c7c596fa3974b76fbf1d1dc
- SHA512
  
  ace72a633e7297a749424491e35b15679979c6a252a20e64570211b1708cfe0ffd4bd1c72766f15a97d5c4209d19c8fc25505972786269e34c8c3b04239260b2
- SSDEEP
  
  786432:177IumwRiPP+QfeimPmmewR8rXJX7xj9Jbec6WYyZDPz03X7IP:9Iumwe+QfeimPmuRcXJBE690U
Score

1^/10
behavioral5 behavioral6
- Target
  
  Source/Qt/labs/platform/plugins.qmltypes
- Size
  
  18KB
- MD5
  
  38d76c26aea10e5ba057c754ee620281
- SHA1
  
  ea7c89f86435e8605b33adaa68cdec9844716a00
- SHA256
  
  48a48c9038c388a6e68e63e44d56ba509f7f61023a5d63bb06dda332febb07a1
- SHA512
  
  4956aaff9141be561429258793f6e00fc58f3b8da3ac6ecd1a3e1c63dcaf2f978aa55e2c03731fac79384d6b3eac71f52ea4ac50a0b2e5f9c9dcc901730a5a29
- SSDEEP
  
  192:ooCFNyU7vyUA6lyUtifPMlViJ2kyGLHLlwyL2vb/WryiuPy6UX87XvKXlR8Sx34t:ooW1HSD2/MSi0VFR2M2Q2XrRKRt2M
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  Source/Qt/labs/platform/qmldir
- Size
  
  83B
- MD5
  
  3efa0b5c6943f8bed0ced36e89422461
- SHA1
  
  26321a2a417f6d0c0d31ed11bcb38042833dd64f
- SHA256
  
  1c780d3b28107cd3512870ccbf9931b0e57d673783efbb58b184def2834b1526
- SHA512
  
  1d7f61d0290c822e8b5b09e3900605d994844d4e9a545934509b4dae9c9ecb788f97125b1eaf473edb0ba9770bef040923a4fbfe384e8739cd78048795576ee6
Score

1^/10
behavioral10 behavioral9
- Target
  
  Source/Qt/labs/platform/qtlabsplatformplugin.dll
- Size
  
  232KB
- MD5
  
  ff5f29794e6da43d90a027032379d601
- SHA1
  
  cb559e99964581bdbc80b066c1e1ef3802bf0ae3
- SHA256
  
  afd0d6f88df575935ef320688ce332fa93e9e7daaa0ec07a82e7231befb9e365
- SHA512
  
  721d1c76ce98526e7319fa331b5c2dc4cb76bbcd2843d6278525148166e3785e5904abcfe42b32e1071635500afae8ba0c414fb11e05d60ac2a1f1d2962d54d5
- SSDEEP
  
  3072:Cjni/GdxosrbhUCMYHawgHqPHBPtrP5oA8orxmGnvPeOl0mNfkj4X0Yk/U:CrisZrX57hQUmGnvPeOl0w3Xt
Score

1^/10
behavioral11 behavioral12
- Target
  
  Source/QtGraphicalEffects/Blend.qml
- Size
  
  18KB
- MD5
  
  7831a123d05bb4e4c86ff148fba6cf84
- SHA1
  
  10716c8697de2e1d7b1396e235dc436b0ec1f7e4
- SHA256
  
  92e90129041dc0c3d2436bb26d20a14ce0c92889bbd41bc2dfe8e681bf9fa217
- SHA512
  
  2337e1da07703ecacce090d62811aacefb2ea889c7a89f4e1855e95ba2a2b0b982250d436bdc5b919e91e4dfd26be1357798b95c89087cf3cf960341ddd0789c
- SSDEEP
  
  384:7KkGyxXeP36VFId39jw3YVVoRwwrrScTlj/0wN5ZZzoCdFulb9aJCRsLDTMn7HE:7rGyoP36VFId39jw3YVVoRwwrrScTljD
Score

3^/10

execution
behavioral13 behavioral14
- Target
  
  Source/QtGraphicalEffects/BrightnessContrast.qml
- Size
  
  6KB
- MD5
  
  bc296a6a64c176d36c94cb342432be22
- SHA1
  
  fb610e1d7e20ce1f030fceaaa5973ea263bdc4c5
- SHA256
  
  06f6e5631c11abf1325baa8bc1062853124cc7b9eedc3ade584614cfdee83321
- SHA512
  
  6bbb6ef32510d2dc4ff15be1a747eb7d4ad6ad3419ab9e39a934053c0b46e343f6fdab7bbe833bdebf38cc2a597d9c6fc389dcf896b70e2da170a4bb0ffa7a44
- SSDEEP
  
  192:7ILp3RRDQGl0XrDInPH5KNJU9HuHHrgyCTJFcNzMbt3N:7KkGsoPQVLg/uAZN
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  Source/QtGraphicalEffects/ColorOverlay.qml
- Size
  
  4KB
- MD5
  
  29081688d43dcb8da43d91554946cffb
- SHA1
  
  a5400a608ddac4e3d9641db0651b9be71f430b88
- SHA256
  
  9df6bee56d7ff66245bd85fa71047a3adeacf2ca05fe1b507cadf0ed3680d9e3
- SHA512
  
  432144ee1a5358aa1077296bab11a71547c1748b8c34df1390fccb6682b92d65099e6d522cf3afb658e57c881021284945248fb08f46289f16365ad287f57ed1
- SSDEEP
  
  96:7InLp3RReSQGPl725XquDIRAJWJSKp5E5A6RaNzMbt3j:7ILp3RRDQGl25XTDIRsmSKp5E5A6RaNg
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  Source/QtGraphicalEffects/Colorize.qml
- Size
  
  7KB
- MD5
  
  3e977e23a8aa3c9d0af1297ff0af5ebe
- SHA1
  
  4b5e0ff202e33ebaf761ca5ab53ddae40feca4f6
- SHA256
  
  e3efb696c39e5c383ce5a5ae0873dd5d9296898867e6c66515a050a0b7a76162
- SHA512
  
  711206937b71ecf70c8e0860ff9c912e0a9359c1176f23416b45cd50ac8a43c8c0324abdc4da613a6991807d1542bef6bd360d0153a408fe7bacd3eb3acb44be
- SSDEEP
  
  192:7ILp3RRDQGlM/DH1VwXNDIzHjpFpnALepmJDLo/hgOJjJaLLUfnw7M4Ja11HNIbg:7KkG2C8jXm7DWg6a4n+aFwZS
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  Source/QtGraphicalEffects/ConicalGradient.qml
- Size
  
  9KB
- MD5
  
  351be54dd1f2f27ea1f4f16287271899
- SHA1
  
  96fbd345b2415aacba21d5bf57892330119e2550
- SHA256
  
  0d0ad50fccfb5f5d0b08df0a82ffeefb90815a3902bd11f259422d72f83e320e
- SHA512
  
  c6f66d54c606d23d5c548fc9d909733114d40887b09c4c3b678b8860290b8964fc8755a55cdc5fc5dd2214fbeb44aef36c61d3bc04f9f684ba952e39fb1ed541
- SSDEEP
  
  192:7ILp3RRDQGlZOfXRNzMDaPJIXJ5PRtpsVM1M5xNju8pHJz7Rokzeix5Co3KUjB6h:7KkGnOvHXPk5vpSxM8Lz7Jzeix5NEP
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  Source/QtGraphicalEffects/DirectionalBlur.qml
- Size
  
  10KB
- MD5
  
  ff7a9355c143ee7d9179e82343739c62
- SHA1
  
  659821b795055c40bb56c0851b29f1e28c7007f9
- SHA256
  
  563909b3db1b65a16e567bad7a20ef2cf6ba73bdf0ec145d521c88f8aa7fd95a
- SHA512
  
  45066f89417f3f2e270119a1e1205ed19dc90964af24af6754aa4da70d3b0a46978eacf981132980fec3d102ba64afc86aeb48b42c09482df5b869fc10904d5f
- SSDEEP
  
  192:7ILp3RRDQGlPIzIFXRRFIFoyQN4JVpCnYXVnzqQJV1RsAMJNzMb4h64B0B1Huc+y:7KkGKkNyLVtnVV4VA4h64B0B1Hu7APV
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  Source/QtGraphicalEffects/Displace.qml
- Size
  
  6KB
- MD5
  
  d494a50f68e10816a3e2f7ad0722df51
- SHA1
  
  a079c112628eb775a54e4b5b76465843f817d5a9
- SHA256
  
  3c9aebbab7db3165efa30e9bb8f77918dab1bfafe56082db45b67fc7894d31c5
- SHA512
  
  28e9c5812ff5798cac2b64eed0a48db117cac221c9cbf738ed657707732bb302d8c5f2a52b22cdac82dfd464445a36360331f7dde59d9760d01a0ec90674ddc2
- SSDEEP
  
  192:7ILp3RRDQGlOjpXKobIcyXDkmofSFgrNrdLCf1RBNzMb8r:7KkGIxp9qkzL9yA8r
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  Source/QtGraphicalEffects/DropShadow.qml
- Size
  
  11KB
- MD5
  
  7ddfcef5da1028c45765f5c9a263c45b
- SHA1
  
  b5192457fa9b3e236d103ae8350b6c0b2a469cc2
- SHA256
  
  22c8757f09cd4cd1123964f7a663694c02a56eee66195df8161738019ea01448
- SHA512
  
  b231e8a6095f5ed8074f69b48e8e1f57497d7020fae2763352b1564a3975afd6723a0bb5f6c4ba4548f6d5eb7a967d2154a1d6dfe5a5a591ce05d76b43e26896
- SSDEEP
  
  192:7bLp3RRDQGl2mguAXks95R6zky5CgYkQbJgs5rT0Wy5CgZRON0aAJQb5rTBxp3m9:7xkGcduelyvYTgs5rtNoQb5r93c8WsrG
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  Source/QtGraphicalEffects/FastBlur.qml
- Size
  
  13KB
- MD5
  
  6484076434f75d0063ede1bb5a82ebe4
- SHA1
  
  00636b42620efb661f0d763e258ed25654af0a7f
- SHA256
  
  ec6833b7f33091fee4b0e1d2f17f7de65fc142ed1482fa2756701f8c817bcfda
- SHA512
  
  2b5330fc025c41a5f15f8b238936f986cf6c2fe4114f6852c1e96bb5db42ac22cedef096c522041b99c02a1abf5fd80f17afff4f8f2f5e9c1650c9c2375d82a3
- SSDEEP
  
  192:7ILp3RRDQGl4za/6QXwRFIAAqklafQsAKa/kJVJNzMbqRdDn3ZButll5W/PMpRQg:7KkGF6upqzDaSRAGdr3ZwlboEpGXQ
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  Source/QtGraphicalEffects/GaussianBlur.qml
- Size
  
  12KB
- MD5
  
  cf3064e19b18a426e240aa491384137d
- SHA1
  
  00ea674747837dfc639c2670b9bc6a3f34670520
- SHA256
  
  8bf2fc9c1365e1122b44c657a80921a1c741600d56614205a633b81fe0d8f18c
- SHA512
  
  c3747c938039bdb015a0e197ffa8c147c1c2c9bbe4f98fd5dc43ee38bf64f3d3a2e2b8c2264a15f07de7327843cf949dd591b742ad46a47ec79aae3cca38e98a
- SSDEEP
  
  384:7xkGVw6EAHk2Do8+u6Q4DQSZVNrGEcHnp2gZYpz+2:7qGVNzHk2c8+u6Q4DQSZVFhiL2
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

PowerShell

T1059.001

System Services

T1569

Service Execution

T1569.002

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Power Settings

T1653

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

T1489

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Suspicious use of NtSetInformationThreadHideFromDebugger

Xmrig family

XMRig Miner payload

Command and Scripting Interpreter: PowerShell

Creates new service(s)

Stops running service(s)

Executes dropped EXE

Loads dropped DLL

Power Settings

Drops file in System32 directory

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32