xmrig

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_0646ba6c2134d07f8e37469afb53100398d55e73789991715b7c576f015cd3f4
Size

982KB
Sample

241226-wpv17atmay
MD5

4dcaea3a5c97c3554ddd6622a3826557
SHA1

980f3b1af103f79e7f262407eccf2a5403998620
SHA256

0646ba6c2134d07f8e37469afb53100398d55e73789991715b7c576f015cd3f4
SHA512

056457b94693317e8695334c92f667dca34573b3f8e32326256fcd90cad32a3aca2d8579617e296f61f20ddaabdf3b65f3538c6754b502c53ec16fe3f0153aae
SSDEEP

24576:Rm/WPjOHJAmFc2wi5Z19izzl+LBQycBh7jlVfxc:EKjOppwiPOUOhXy

Score

10^/10

Malware Config

Targets

- Target
  
  DOC001.bin
- Size
  
  1009KB
- MD5
  
  26ed698da25b4644a62ca4b33513395c
- SHA1
  
  0b36728a48fbff17a45be400c628052e6dca95fc
- SHA256
  
  93b0ea64ed8a6c613b656b8835e34f54b12a971e27a257e2c9afbf9eeb62b8f9
- SHA512
  
  af1ff50d0719667ed0579addda6099c56a6e208eaea771be1aa313dfcc3aad589cca40c6f5b0d1a832d09d5a6ffeb640c141edc3fb81c6e50f4cd51cdf6c4513
- SSDEEP
  
  24576:hEgl/FR7UL8postqaU3lW5TxAZpmrDXYTryi:rDlu8ppqaylklVrDXa1
Score

8^/10

defense_evasion discovery persistence
- Indicator Removal: Network Share Connection Removal
  Adversaries may remove share connections that are no longer useful in order to clean up traces of their operation.
  defense_evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Network Service Discovery
  Attempt to gather information on host's network.
  discovery
- Network Share Discovery
  Attempt to gather information on host network.
  discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/inetc.dll
- Size
  
  21KB
- MD5
  
  d7a3fa6a6c738b4a3c40d5602af20b08
- SHA1
  
  34fc75d97f640609cb6cadb001da2cb2c0b3538a
- SHA256
  
  67eff17c53a78c8ec9a28f392b9bb93df3e74f96f6ecd87a333a482c36546b3e
- SHA512
  
  75cf123448567806be5f852ebf70f398da881e89994b82442a1f4bc6799894e799f979f5ab1cc9ba12617e48620e6c34f71e23259da498da37354e5fd3c0f934
- SSDEEP
  
  384:oW4gLK82JvtosNCPhXKJ18hcEP1+f+pvMPbkdTg1Zahzs60Ac9khYLMkIX0+Gbyk:oW4i/2JloB5IQ9AhkwZaKRu
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $R9/NsCpuCNMiner32.exe
- Size
  
  1.1MB
- MD5
  
  9b8d2acc4033912f51974152a6184133
- SHA1
  
  dcc411259b8a9ff91db256b4282fd25f8071b302
- SHA256
  
  b19a57b6e73c44ee25a228c3e54e5d292fca9445e11c28c7c0744c3e3ae5fab6
- SHA512
  
  a2b9af0b931cc65bb6a0215c411b532e541d09e210816fa4f8689f83b622a4de5479d56ee545ae6b8647f98081917e79e57cd4ed571184a6030abfa220dcdfeb
- SSDEEP
  
  24576:Ojyj7jClMrVehtwYGyRRWJ9lmSU8J+YeTED9wvsaVWNcGrnI:OjyKHtwY1RRWJ9lmcZeTEx1aL
Score

10^/10

xmrig discovery miner
- Xmrig family
  xmrig
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
behavioral5 behavioral6
- Target
  
  $R9/NsCpuCNMiner64.exe
- Size
  
  943KB
- MD5
  
  3587409a3bbf53be5808dd5fccdbabe1
- SHA1
  
  eec6816b6f8ec3bdeb21f9c026cdc0ae1b8370fb
- SHA256
  
  90b56ccc13934418ebc8a51cbedccbafe27d877c6080023afbb42092d7fdcf72
- SHA512
  
  2cbd9a85407809a0c29497d50c22fba98f0ca8ec71b1f3b7abdec233bcb9e3173f2487adbebdb65b1055ebd4aee756033eb4da435649e1392bf164e77fd0e188
- SSDEEP
  
  24576:Arz0MBk33rNDK5YO5WiI3zB4AFxm7pN6bHkfLa3in:AUMBk33rNDK5YO5Wi8qAFxmpN6bp
Score

10^/10

xmrig miner
- Xmrig family
  xmrig
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
behavioral7 behavioral8