xmrig | b45a61a91554efc9b2a6246b220a38a6bcf82baa721e237b784f106f04709e89 | Triage

Submit
Reports

Overview

overview

Static

static

5

b45a61a915...89.exe

windows7-x64

b45a61a915...89.exe

windows10-2004-x64

Sharing

General

Target

b45a61a91554efc9b2a6246b220a38a6bcf82baa721e237b784f106f04709e89.exe
Size

15.9MB
Sample

241121-bxbbjaybnm
MD5

90a722e0917f225f5a69f2ebf731eef0
SHA1

da735c429ce7c5db1f994625e22b6e7f10b9b171
SHA256

b45a61a91554efc9b2a6246b220a38a6bcf82baa721e237b784f106f04709e89
SHA512

fd9b7ccae986fde90200b112478b8fe703eab77709922c9cb8664dc8685a143f1914e227785ea8d68eedb76e26522fb5e33f11dcd0462954ac4d7e63625a9d47
SSDEEP

393216:v7eZsZjpfIWLWYyIiJOmhmP0nUzStz4GH7IYyvJ:DecT2hhmssGH8xh

Score

10^/10

xmrig discovery miner

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

b45a61a91554efc9b2a6246b220a38a6bcf82baa721e237b784f106f04709e89.exe

Resource

win7-20240903-en

xmrig discovery miner

windows7-x64

17 signatures

120 seconds

Behavioral task

behavioral2

Sample

b45a61a91554efc9b2a6246b220a38a6bcf82baa721e237b784f106f04709e89.exe

Resource

win10v2004-20241007-en

xmrig discovery miner

windows10-2004-x64

18 signatures

120 seconds

Malware Config

Targets

- Target
  
  b45a61a91554efc9b2a6246b220a38a6bcf82baa721e237b784f106f04709e89.exe
- Size
  
  15.9MB
- MD5
  
  90a722e0917f225f5a69f2ebf731eef0
- SHA1
  
  da735c429ce7c5db1f994625e22b6e7f10b9b171
- SHA256
  
  b45a61a91554efc9b2a6246b220a38a6bcf82baa721e237b784f106f04709e89
- SHA512
  
  fd9b7ccae986fde90200b112478b8fe703eab77709922c9cb8664dc8685a143f1914e227785ea8d68eedb76e26522fb5e33f11dcd0462954ac4d7e63625a9d47
- SSDEEP
  
  393216:v7eZsZjpfIWLWYyIiJOmhmP0nUzStz4GH7IYyvJ:DecT2hhmssGH8xh
Score

10^/10

xmrig discovery miner
- Xmrig family
  xmrig
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xmrigdiscoveryminer

behavioral2

xmrigdiscoveryminer

© 2018-2024

Terms | Privacy