xmrig | 58f57b0f5682411456bcafa3a25205415763a32b99a5848c1e9d4e6133c08978 | Triage

Submit
Reports

Overview

overview

Static

static

58f57b0f56...78.exe

windows7-x64

58f57b0f56...78.exe

windows10-2004-x64

Sharing

General

Target

58f57b0f5682411456bcafa3a25205415763a32b99a5848c1e9d4e6133c08978.exe
Size

1.9MB
Sample

241126-amnnfa1jhr
MD5

1f3c69ac74b8d2daba986f48baf331c4
SHA1

b955862116b35b1898434837f2c1bdd7c6b4e2e8
SHA256

58f57b0f5682411456bcafa3a25205415763a32b99a5848c1e9d4e6133c08978
SHA512

10300db05c683456842a847211eac037abeaa97c98051aed48af8b39c430ea360bbca1b5832748443e8b3b476c5f78d1dc8a6e288d901579c1e7a439ffe02b6c
SSDEEP

49152:Lz071uv4BPMkibTIA5lCx7kvRWa4pCB2lUU:NABR

Score

10^/10

xmrig execution miner upx

Static task

static1

upx miner xmrig

4 signatures

Behavioral task

behavioral1

Sample

58f57b0f5682411456bcafa3a25205415763a32b99a5848c1e9d4e6133c08978.exe

Resource

win7-20240903-en

xmrig execution miner upx

windows7-x64

8 signatures

120 seconds

Behavioral task

behavioral2

Sample

58f57b0f5682411456bcafa3a25205415763a32b99a5848c1e9d4e6133c08978.exe

Resource

win10v2004-20241007-en

xmrig execution miner upx

windows10-2004-x64

10 signatures

120 seconds

Malware Config

Targets

- Target
  
  58f57b0f5682411456bcafa3a25205415763a32b99a5848c1e9d4e6133c08978.exe
- Size
  
  1.9MB
- MD5
  
  1f3c69ac74b8d2daba986f48baf331c4
- SHA1
  
  b955862116b35b1898434837f2c1bdd7c6b4e2e8
- SHA256
  
  58f57b0f5682411456bcafa3a25205415763a32b99a5848c1e9d4e6133c08978
- SHA512
  
  10300db05c683456842a847211eac037abeaa97c98051aed48af8b39c430ea360bbca1b5832748443e8b3b476c5f78d1dc8a6e288d901579c1e7a439ffe02b6c
- SSDEEP
  
  49152:Lz071uv4BPMkibTIA5lCx7kvRWa4pCB2lUU:NABR
Score

10^/10

xmrig execution miner upx
- Xmrig family
  xmrig
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Legitimate hosting services abused for malware hosting/C2
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

xmrigexecutionminerupx

behavioral2

xmrigexecutionminerupx

© 2018-2024

Terms | Privacy