xmrig | 492bd088b2da5df8a1de73e77c6413480be2a47c1600f67e57a52f03f5d7801b | Triage

Submit
Reports

Overview

overview

Static

static

5

888 RAT Privatex.exe

windows11-21h2-x64

Sharing

General

Target

888 RAT Privatex.exe
Size

11.3MB
Sample

241225-ktdf6a1qbp
MD5

eb92b2a00a4f4c8a14ab9e5845a51512
SHA1

6855badfc5f79a9e75b073c3ebc65902afe4698b
SHA256

492bd088b2da5df8a1de73e77c6413480be2a47c1600f67e57a52f03f5d7801b
SHA512

6c62f18f79fdf30494580868b139aa0b87580f25c37a8c99ecda64b0b8c442c6b26a5cacada0c404f1cf23f46e01d14e871923a6c624ddbdb4a7c2db5e85a18c
SSDEEP

196608:CJWQr/GQDd3JjPOVXRzPHGy+FtxIpeYIGx/3E8hNpRKEzTzvLuShmIYNoE+At:uWQrr5uX5PHGyZt/s4pR3pVY4

Score

10^/10

xmrig defense_evasion discovery evasion miner persistence privilege_escalation upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

888 RAT Privatex.exe

Resource

win11-20241007-en

xmrig defense_evasion discovery evasion miner persistence privilege_escalation upx

windows11-21h2-x64

23 signatures

150 seconds

Malware Config

Targets

- Target
  
  888 RAT Privatex.exe
- Size
  
  11.3MB
- MD5
  
  eb92b2a00a4f4c8a14ab9e5845a51512
- SHA1
  
  6855badfc5f79a9e75b073c3ebc65902afe4698b
- SHA256
  
  492bd088b2da5df8a1de73e77c6413480be2a47c1600f67e57a52f03f5d7801b
- SHA512
  
  6c62f18f79fdf30494580868b139aa0b87580f25c37a8c99ecda64b0b8c442c6b26a5cacada0c404f1cf23f46e01d14e871923a6c624ddbdb4a7c2db5e85a18c
- SSDEEP
  
  196608:CJWQr/GQDd3JjPOVXRzPHGy+FtxIpeYIGx/3E8hNpRKEzTzvLuShmIYNoE+At:uWQrr5uX5PHGyZt/s4pR3pVY4
Score

10^/10

xmrig defense_evasion discovery evasion miner persistence privilege_escalation upx
- Xmrig family
  xmrig
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Modifies Windows Firewall
  evasion
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Indicator Removal: Clear Persistence
  Clear artifacts associated with previously established persistence like scheduletasks on a host.
  defense_evasion
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Scheduled Task/Job

Scheduled Task

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Indicator Removal

Clear Persistence

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xmrigdefense_evasiondiscoveryevasionminerpersistenceprivilege_escalationupx

© 2018-2025

Terms | Privacy