xmrig | a8a3bfb37db841cacd7c315f03103e0c858cc2e8abf6a73f4d3bbaeed1a98b93 | Triage

Submit
Reports

Overview

overview

Static

static

3

HackSuitev2Lite.exe

windows7-x64

8

HackSuitev2Lite.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_a8a3bfb37db841cacd7c315f03103e0c858cc2e8abf6a73f4d3bbaeed1a98b93
Size

120KB
Sample

241224-atxjxswnfs
MD5

aa183f2fabda8adc1f0f89d9bdd0c57a
SHA1

5a8644fead1cb3a22a447ea49bac125887b7a4cb
SHA256

a8a3bfb37db841cacd7c315f03103e0c858cc2e8abf6a73f4d3bbaeed1a98b93
SHA512

13ce1457535073cc1f2e32fe9be4aae9ea82b094e0c4f2686646459f15c284bc4512965a267cb393fbf97e23f2d07b3a86282571cb359d36a82fbe5ac64ba33e
SSDEEP

3072:bn5ZyQMPtY5sHXWFpBU9WM2bk5A76paF/qrT4fBvVi7:FZyQMVmsHoqyY5A7LxQT4fBNi7

Score

10^/10

xmrig execution miner

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

HackSuitev2Lite.exe

Resource

win7-20240708-en

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

HackSuitev2Lite.exe

Resource

win10v2004-20241007-en

xmrig execution miner

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  HackSuitev2Lite.exe
- Size
  
  124KB
- MD5
  
  e6d4f94c1ed2989dd2ef52daf6ab9334
- SHA1
  
  237d1643c44d8759036e61256d7cc7355c814915
- SHA256
  
  e00004a583d1fe4816b9d0049f3bf3d5cdedd65e9ed50c5ee34f0bdfe0dac4d2
- SHA512
  
  f7d7fbd9c8c2a357c7b119f9a5d541de8c1704923e1b20aacd4f5f79db8c9f554dfe606dfee5f1d6f5dd460a59e69d68632c08ea7917c5ad2881875cd46120b7
- SSDEEP
  
  3072:4S3vH68fUJj4uuNqmE7eF9gPLE3pyzdeoqJL9F6R0gfLtiR/j8qNxb:4S3SJR3uNqR29hk2nO7AY
Score

10^/10

execution xmrig miner
- Xmrig family
  xmrig
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

xmrigexecutionminer

© 2018-2025

Terms | Privacy