xmrig

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_a2a8c316a9e35992827f58a2f47d6db71da352e6210d235a20075baa996b28cd
Size

1.0MB
Sample

241223-2lwq7stmew
MD5

56fc963125315f50e53df285e6a10da7
SHA1

62e5dc451dc805d1da30e25c80be06196454dcf9
SHA256

a2a8c316a9e35992827f58a2f47d6db71da352e6210d235a20075baa996b28cd
SHA512

edda309592c28ea7446a1c1a86ae566baa50f2e1d2302ce24c2035d73e8aeeac5b8aeef80ea0c2fb3d9bcbb1c6c0e804b56c8a875420116e9ef856032fc37c45
SSDEEP

24576:oSwQhPWZJpq8TuW1I0HvlrI/dvAWaIgXi52ft7:KC+ZTqouWu0HvlrwdByXi5U7

Score

10^/10

Malware Config

Targets

- Target
  
  DOC001.bin
- Size
  
  1.1MB
- MD5
  
  c720ac483a5752c2b69945a8ad673162
- SHA1
  
  a91be77fa1bc117c34b3e652706e3b276b487769
- SHA256
  
  856777e16c153722ebd3f389197d4b6482f8afb2e51345e1ab19760c486c3f78
- SHA512
  
  68f7cde69539fa53692c358aa439a52e73ef9628427f3c9a3b310f71ec107d7dc6dc1a19323cad728b6ed6912eb0bf52e618c6097a1069e5d493b10e699ede82
- SSDEEP
  
  12288:hhczyLe1sGZ7Bg5uPRwr05vzSBwepQZ2XcCDsceWiJklfViHen3wUN4uZycTWKCg:hE7ZtIvezxepQ4sGscezCPHN0QQRq4U
Score

8^/10

defense_evasion discovery persistence
- Indicator Removal: Network Share Connection Removal
  Adversaries may remove share connections that are no longer useful in order to clean up traces of their operation.
  defense_evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Network Service Discovery
  Attempt to gather information on host's network.
  discovery
- Network Share Discovery
  Attempt to gather information on host network.
  discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/inetc.dll
- Size
  
  21KB
- MD5
  
  d7a3fa6a6c738b4a3c40d5602af20b08
- SHA1
  
  34fc75d97f640609cb6cadb001da2cb2c0b3538a
- SHA256
  
  67eff17c53a78c8ec9a28f392b9bb93df3e74f96f6ecd87a333a482c36546b3e
- SHA512
  
  75cf123448567806be5f852ebf70f398da881e89994b82442a1f4bc6799894e799f979f5ab1cc9ba12617e48620e6c34f71e23259da498da37354e5fd3c0f934
- SSDEEP
  
  384:oW4gLK82JvtosNCPhXKJ18hcEP1+f+pvMPbkdTg1Zahzs60Ac9khYLMkIX0+Gbyk:oW4i/2JloB5IQ9AhkwZaKRu
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $R9/NsCpuCNMiner32.exe
- Size
  
  1.5MB
- MD5
  
  30843cdd1e1eb312d1cce94c3c826c88
- SHA1
  
  10f885f7595de28f5b8a6ca5c5b852edc8fd3238
- SHA256
  
  6eaebe0831a31d42003811927284cbce49c0fa10d177f28d139f3f64369c2327
- SHA512
  
  3e9fdb0b6a5b9f7a4dd071530677721571c658b059a0a2f8611e5db1c1d208d9aa7889f7ff0c2878a9bf3e95bbcd21435f38c5721eb2a9eac500cd108f2c2be2
- SSDEEP
  
  24576:mWxPgN3IsM9D6tVBml1+mXRRVJ9l7lDb65rIuBX/TpuRHZyfsihmcifeuQ4:mWxo3IlD+el1+0RRVJ9l7mkuBXr8R566
Score

10^/10

xmrig discovery miner
- Xmrig family
  xmrig
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
behavioral5 behavioral6
- Target
  
  $R9/NsCpuCNMiner64.exe
- Size
  
  1.0MB
- MD5
  
  2f4e3381e0cd64b0330d509d6916b940
- SHA1
  
  b2e49f58a30132afd25ee05985980a974b59b55c
- SHA256
  
  be8884fa0bdff20838a08a9a70331e438adfc36336c643b2128ffd978e92540f
- SHA512
  
  e34f45ea4d7d8f12af40e67fcbf990684a0c85af14863e055ef4502a63899cbb786b120e2f77973dc08c5f6a64c9bdeb6e7858c2c191d1d70aa2e921cce5f653
- SSDEEP
  
  24576:jOwEOFrty92FJQLUjL3BvItspkP+ZlCiAYji8GF2x88tdYQ:KwEOFrty92F2LuLVCs8OlCiAyi8G4T
Score

10^/10

xmrig miner
- Xmrig family
  xmrig
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
behavioral7 behavioral8