xmrig | b76ecfa778793bdf379a63b55d60b4b3941e10b743e48ae3b414b3522212abdb | Triage

Submit
Reports

Overview

overview

Static

static

3

228c09c311...99.exe

windows7-x64

8

228c09c311...99.exe

windows10-2004-x64

Sharing

General

Target

228c09c31156d45dfe94195bb34d1399.exe
Size

14.0MB
Sample

241220-sf66baxqhz
MD5

228c09c31156d45dfe94195bb34d1399
SHA1

20c6ce4757be1399032b2ac6873dc505c1d02839
SHA256

b76ecfa778793bdf379a63b55d60b4b3941e10b743e48ae3b414b3522212abdb
SHA512

003557ad24f826143a50cce81b56489c7768951ecdfef9b01fe645f5453ae8cf36bd1b2b6e5e3bd8d27131cf3a2d54d20b7c699ae582e2528b65aee8a560f40c
SSDEEP

393216:hPsdXtBcda7nzo7Vd7Qv1CPwDvt3uFRCyGTQP76NuudqfZnXSdEVB3:hITk1

Score

10^/10

xmrig discovery execution miner persistence

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

228c09c31156d45dfe94195bb34d1399.exe

Resource

win7-20241010-en

execution persistence

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

228c09c31156d45dfe94195bb34d1399.exe

Resource

win10v2004-20241007-en

xmrig discovery execution miner persistence

windows10-2004-x64

24 signatures

150 seconds

Malware Config

Targets

- Target
  
  228c09c31156d45dfe94195bb34d1399.exe
- Size
  
  14.0MB
- MD5
  
  228c09c31156d45dfe94195bb34d1399
- SHA1
  
  20c6ce4757be1399032b2ac6873dc505c1d02839
- SHA256
  
  b76ecfa778793bdf379a63b55d60b4b3941e10b743e48ae3b414b3522212abdb
- SHA512
  
  003557ad24f826143a50cce81b56489c7768951ecdfef9b01fe645f5453ae8cf36bd1b2b6e5e3bd8d27131cf3a2d54d20b7c699ae582e2528b65aee8a560f40c
- SSDEEP
  
  393216:hPsdXtBcda7nzo7Vd7Qv1CPwDvt3uFRCyGTQP76NuudqfZnXSdEVB3:hITk1
Score

10^/10

execution persistence xmrig discovery miner
- XMRig Miner payload
  miner
- Xmrig family
  xmrig
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Creates new service(s)
  persistence execution
- Downloads MZ/PE file
- Server Software Component: Terminal Services DLL
  persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Network Service Discovery
  Attempt to gather information on host's network.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Scheduled Task/Job

Scheduled Task

Server Software Component

Terminal Services DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Network Service Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

executionpersistence

behavioral2

xmrigdiscoveryexecutionminerpersistence

© 2018-2025

Terms | Privacy