xmrig

General

Target

783f04b7d76cd3c56857e2f340e5274a513e516abc2a04679e5438727d2643e2N.exe
Size

1.3MB
Sample

241218-nvzybsymbr
MD5

def6ce922d87ad7a078dd2eb71bfd850
SHA1

420280be91ac9b5e2b82fb820c19141220fcd53d
SHA256

783f04b7d76cd3c56857e2f340e5274a513e516abc2a04679e5438727d2643e2
SHA512

1c6eb74af09231e20dfeca2d4793b7217a7c663d2a91614996f48ec6f1093e0c5179acb0d25f94a319630b94a1ea5bc61b79cf1429f551b50c763471001d28e2
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkibTJH+2Q/ynKeWYVfp1cnAfSlWhdbOgU:Lz071uv4BPMkibTIA5VDSl+OgU

Score

10^/10

Malware Config

Targets

- Target
  
  783f04b7d76cd3c56857e2f340e5274a513e516abc2a04679e5438727d2643e2N.exe
- Size
  
  1.3MB
- MD5
  
  def6ce922d87ad7a078dd2eb71bfd850
- SHA1
  
  420280be91ac9b5e2b82fb820c19141220fcd53d
- SHA256
  
  783f04b7d76cd3c56857e2f340e5274a513e516abc2a04679e5438727d2643e2
- SHA512
  
  1c6eb74af09231e20dfeca2d4793b7217a7c663d2a91614996f48ec6f1093e0c5179acb0d25f94a319630b94a1ea5bc61b79cf1429f551b50c763471001d28e2
- SSDEEP
  
  24576:zv3/fTLF671TilQFG4P5PMkibTJH+2Q/ynKeWYVfp1cnAfSlWhdbOgU:Lz071uv4BPMkibTIA5VDSl+OgU
Score

10^/10

xmrig execution miner upx
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Xmrig family
  xmrig
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

PowerShell

1

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Suspicious use of NtCreateUserProcessOtherParentProcess

Xmrig family

XMRig Miner payload

Command and Scripting Interpreter: PowerShell

Executes dropped EXE

Loads dropped DLL

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2