xmrig | 635a1fa6be24e24ae11cd67152f224b97d05fe6afa39ab4dc14442b74666a42e | Triage

Submit
Reports

Overview

overview

Static

static

635a1fa6be...2e.exe

windows7-x64

635a1fa6be...2e.exe

windows10-2004-x64

Sharing

General

Target

635a1fa6be24e24ae11cd67152f224b97d05fe6afa39ab4dc14442b74666a42e.exe
Size

1.9MB
Sample

241125-293jnaykhl
MD5

b491f21e9d8964b3118b6100676cf0cc
SHA1

9a074f01f0775dfb4e66cc6752614903b2637481
SHA256

635a1fa6be24e24ae11cd67152f224b97d05fe6afa39ab4dc14442b74666a42e
SHA512

80bd1e09a03af97b35da108e7011d75f931f19f14d465ff77229725ef9ff0771e5b7fc2fa075d767ed85bc232ac84a6f7b57b07769c0d921e071905dbeecf49c
SSDEEP

49152:Lz071uv4BPMkibTIA5lCx7kvRWa4pCB2lU2:NABp

Score

10^/10

xmrig execution miner upx

Static task

static1

upx miner xmrig

4 signatures

Behavioral task

behavioral1

Sample

635a1fa6be24e24ae11cd67152f224b97d05fe6afa39ab4dc14442b74666a42e.exe

Resource

win7-20240903-en

xmrig execution miner upx

windows7-x64

8 signatures

120 seconds

Behavioral task

behavioral2

Sample

635a1fa6be24e24ae11cd67152f224b97d05fe6afa39ab4dc14442b74666a42e.exe

Resource

win10v2004-20241007-en

xmrig execution miner upx

windows10-2004-x64

10 signatures

120 seconds

Malware Config

Targets

- Target
  
  635a1fa6be24e24ae11cd67152f224b97d05fe6afa39ab4dc14442b74666a42e.exe
- Size
  
  1.9MB
- MD5
  
  b491f21e9d8964b3118b6100676cf0cc
- SHA1
  
  9a074f01f0775dfb4e66cc6752614903b2637481
- SHA256
  
  635a1fa6be24e24ae11cd67152f224b97d05fe6afa39ab4dc14442b74666a42e
- SHA512
  
  80bd1e09a03af97b35da108e7011d75f931f19f14d465ff77229725ef9ff0771e5b7fc2fa075d767ed85bc232ac84a6f7b57b07769c0d921e071905dbeecf49c
- SSDEEP
  
  49152:Lz071uv4BPMkibTIA5lCx7kvRWa4pCB2lU2:NABp
Score

10^/10

xmrig execution miner upx
- Xmrig family
  xmrig
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Legitimate hosting services abused for malware hosting/C2
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

xmrigexecutionminerupx

behavioral2

xmrigexecutionminerupx

© 2018-2024

Terms | Privacy