xmrig | 9f44d20bf32119323fa7395b6e951c3de2f1f6eba915fc9bdc538d24d8bbe3df | Triage

Submit
Reports

Overview

overview

Static

static

9f44d20bf3...fN.exe

windows7-x64

9f44d20bf3...fN.exe

windows10-2004-x64

Sharing

General

Target

9f44d20bf32119323fa7395b6e951c3de2f1f6eba915fc9bdc538d24d8bbe3dfN.exe
Size

2.3MB
Sample

241225-xfw3kaspas
MD5

dba2264dff520984c30b3fd2c041d890
SHA1

d4dfa72de7b24802d54cbce4b1eeaa6830d59921
SHA256

9f44d20bf32119323fa7395b6e951c3de2f1f6eba915fc9bdc538d24d8bbe3df
SHA512

7252f2ff2edd26ecb08994a97ed4ce7a6aeea361ec4012192bb1505cea18973ab74cf1e65dd3a6ce90d14787ae09856081fc69ea16cb398410ca223b388126fc
SSDEEP

49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82g1Vr5s1PTleL9oVt:NABZ

Score

10^/10

xmrig execution miner persistence privilege_escalation upx

Static task

static1

upx miner xmrig

4 signatures

Behavioral task

behavioral1

Sample

9f44d20bf32119323fa7395b6e951c3de2f1f6eba915fc9bdc538d24d8bbe3dfN.exe

Resource

win7-20240729-en

xmrig execution miner upx

windows7-x64

11 signatures

120 seconds

Behavioral task

behavioral2

Sample

9f44d20bf32119323fa7395b6e951c3de2f1f6eba915fc9bdc538d24d8bbe3dfN.exe

Resource

win10v2004-20241007-en

xmrig execution miner persistence privilege_escalation upx

windows10-2004-x64

17 signatures

120 seconds

Malware Config

Targets

- Target
  
  9f44d20bf32119323fa7395b6e951c3de2f1f6eba915fc9bdc538d24d8bbe3dfN.exe
- Size
  
  2.3MB
- MD5
  
  dba2264dff520984c30b3fd2c041d890
- SHA1
  
  d4dfa72de7b24802d54cbce4b1eeaa6830d59921
- SHA256
  
  9f44d20bf32119323fa7395b6e951c3de2f1f6eba915fc9bdc538d24d8bbe3df
- SHA512
  
  7252f2ff2edd26ecb08994a97ed4ce7a6aeea361ec4012192bb1505cea18973ab74cf1e65dd3a6ce90d14787ae09856081fc69ea16cb398410ca223b388126fc
- SSDEEP
  
  49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82g1Vr5s1PTleL9oVt:NABZ
Score

10^/10

xmrig execution miner upx persistence privilege_escalation
- Xmrig family
  xmrig
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Event Triggered Execution

Accessibility Features

Privilege Escalation

Event Triggered Execution

Accessibility Features

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

xmrigexecutionminerupx

behavioral2

xmrigexecutionminerpersistenceprivilege_escalationupx

© 2018-2025

Terms | Privacy