xmrig | 41e6c5ccf174a78f6a12af2898bcd7a9cbe8d59cf9d9536747e1194998049992 | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...92.exe

windows7-x64

JaffaCakes...92.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_41e6c5ccf174a78f6a12af2898bcd7a9cbe8d59cf9d9536747e1194998049992
Size

4.0MB
Sample

241227-c9yg9szqcw
MD5

5fabb9965401cfb8a14fc634a427a98f
SHA1

5c20d202bb4f96ee6506f79a2a2e476ab8386790
SHA256

41e6c5ccf174a78f6a12af2898bcd7a9cbe8d59cf9d9536747e1194998049992
SHA512

af91d214cb7f4b069dfe03c448e56059ff19871fd756e463d47bea17804fec68062093694eb9d6c8418be17b07f9ea626fe57620d0c4379d70a3fb2c08ccc0ec
SSDEEP

98304:ZP4w9vjX7YYOls+UHVWvrZtePi5XCZE2VKI5CX:ZPZLsQpHVWvcpVKIY

Score

10^/10

xmrig defense_evasion miner

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_41e6c5ccf174a78f6a12af2898bcd7a9cbe8d59cf9d9536747e1194998049992.exe

Resource

win7-20240708-en

xmrig defense_evasion miner

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_41e6c5ccf174a78f6a12af2898bcd7a9cbe8d59cf9d9536747e1194998049992.exe

Resource

win10v2004-20241007-en

xmrig defense_evasion miner

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_41e6c5ccf174a78f6a12af2898bcd7a9cbe8d59cf9d9536747e1194998049992
- Size
  
  4.0MB
- MD5
  
  5fabb9965401cfb8a14fc634a427a98f
- SHA1
  
  5c20d202bb4f96ee6506f79a2a2e476ab8386790
- SHA256
  
  41e6c5ccf174a78f6a12af2898bcd7a9cbe8d59cf9d9536747e1194998049992
- SHA512
  
  af91d214cb7f4b069dfe03c448e56059ff19871fd756e463d47bea17804fec68062093694eb9d6c8418be17b07f9ea626fe57620d0c4379d70a3fb2c08ccc0ec
- SSDEEP
  
  98304:ZP4w9vjX7YYOls+UHVWvrZtePi5XCZE2VKI5CX:ZPZLsQpHVWvcpVKIY
Score

10^/10

xmrig defense_evasion miner
- Xmrig family
  xmrig
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Obfuscated Files or Information

Command Obfuscation

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

xmrigdefense_evasionminer

behavioral2

xmrigdefense_evasionminer

© 2018-2025

Terms | Privacy