xmrig | 2aba29deec0bd0dc4d028360b9abdd30dc3b81b0e20bb40e3be7e5cb3240f76c | Triage

Submit
Reports

Overview

overview

Static

static

3

RIMIX X!TRE.exe

windows7-x64

RIMIX X!TRE.exe

windows10-2004-x64

Sharing

General

Target

RIMIX X!TRE.rar
Size

2.6MB
Sample

241224-vbza1ssnap
MD5

fd958f314b715e2aba5e181789516467
SHA1

8c329504987d695a40813b89ba93391225b53135
SHA256

2aba29deec0bd0dc4d028360b9abdd30dc3b81b0e20bb40e3be7e5cb3240f76c
SHA512

207d5e91c232614c2980c22920fd746ded1c01cfee8ca24a00310418266addc9e6de2c8137ee416b9779ba89580e75038559cdc7d5d2906bae1b0e189fa388c6
SSDEEP

49152:x8Rknfy2QmkasYluLNGAegv0fjZvXjHEmGlawcbkR4it+uxKKwvYa:aGnK2QaI4Jgc6Vc8Kl1

Score

10^/10

xmrig evasion execution miner persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

RIMIX X!TRE.exe

Resource

win7-20240729-en

xmrig evasion execution miner persistence upx

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

RIMIX X!TRE.exe

Resource

win10v2004-20241007-en

xmrig evasion execution miner persistence upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  RIMIX X!TRE.exe
- Size
  
  3.9MB
- MD5
  
  4b341683eae9ea9941df5fd7e60c7a09
- SHA1
  
  9318f92e924f54fdd856dac5839220af15cd8601
- SHA256
  
  0bffdd22b6c00bbe5da4a1cf4e84089cf8c50c7aa93993b652b2dedcd5d75237
- SHA512
  
  65805b2daade2b204c7b3316ea69c91feb6133c7bba70ccf36eba7abb83d087565e9bb450292afc83416dc04b66ee8ce26304cc46e37f480a081913e760683ef
- SSDEEP
  
  98304:fJs+xKkTwxRk+LkcddlstjcX9LqHpy96KZB:hxNwxiArlwjcX9L/6+
Score

10^/10

xmrig evasion execution miner persistence upx
- Xmrig family
  xmrig
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Creates new service(s)
  persistence execution
- Stops running service(s)
  evasion execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

xmrigevasionexecutionminerpersistenceupx

behavioral2

xmrigevasionexecutionminerpersistenceupx

© 2018-2025

Terms | Privacy