xmrig | 82ef3dff1d3e75ba34a936e74f349f8a48ed91b0210e713a59596934a8718e98 | Triage

Submit
Reports

Overview

overview

Static

static

1

3e4dd2a19e...d6.exe

windows7-x64

3e4dd2a19e...d6.exe

windows10-2004-x64

Sharing

General

Target

4c8cc67beebc0e9_anydesk_exe_20507514309.zip
Size

2.0MB
Sample

241226-zfevdsyqgm
MD5

c5c9aa556799c947e65c499f1bb598a3
SHA1

88ce02db148781cde565058cbaba9c527e6e6825
SHA256

82ef3dff1d3e75ba34a936e74f349f8a48ed91b0210e713a59596934a8718e98
SHA512

d56f7d86a1bac320182e0607fd626c6ee66ba100baeda111dad8c416caad8f13a9a4a47778bc0f6ab5025af75562a67a2874efab3bad9d6de18475e15f0a664f
SSDEEP

49152:FH9goFl4lfWERCYTnJTTLsW3WQXBwx3RJFSXJA2Ux5:AoaZDs8/xw1w7U3

Score

10^/10

xmrig evasion execution miner persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

3e4dd2a19e5c08068bfb5c980732ff696a0e950b4bc6f0efe6e7e47a567793d6.exe

Resource

win7-20240903-en

xmrig evasion execution miner persistence upx

windows7-x64

13 signatures

300 seconds

Behavioral task

behavioral2

Sample

3e4dd2a19e5c08068bfb5c980732ff696a0e950b4bc6f0efe6e7e47a567793d6.exe

Resource

win10v2004-20241007-en

xmrig evasion execution miner persistence upx

windows10-2004-x64

12 signatures

300 seconds

Malware Config

Targets

- Target
  
  3e4dd2a19e5c08068bfb5c980732ff696a0e950b4bc6f0efe6e7e47a567793d6
- Size
  
  2.6MB
- MD5
  
  494cc0e2a4aa4fe252099c1499a5fd4e
- SHA1
  
  4c8cc67beebc0e9f015ae3113957aab4dbf1285f
- SHA256
  
  3e4dd2a19e5c08068bfb5c980732ff696a0e950b4bc6f0efe6e7e47a567793d6
- SHA512
  
  dc4567e49456976f778d2da6561d15d764519c71424ce8038ece137c5c50794a8d056674fce4ee810ef46d6558a12835ecc24aaa123d6ef4184515e4ef737a58
- SSDEEP
  
  49152:lt6NLonrxnS/+Dwr/5UeLFeEhsG89y+6rxvVsveHZMlJ8eH4elKpGOyUw:lIyxv2/2Eu9y+gsveHZM8exmyUw
Score

10^/10

xmrig evasion execution miner persistence upx
- Xmrig family
  xmrig
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Creates new service(s)
  persistence execution
- Stops running service(s)
  evasion execution
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

xmrigevasionexecutionminerpersistenceupx

behavioral2

xmrigevasionexecutionminerpersistenceupx

© 2018-2025

Terms | Privacy