xmrig | a38045c3b8a5254c090f89f8908402bfdd436ceeebd1f3fc7f265c8070d320cd | Triage

Sharing

General

Target

JaffaCakes118_a38045c3b8a5254c090f89f8908402bfdd436ceeebd1f3fc7f265c8070d320cd
Size

6.7MB
Sample

241228-2hrcbatqcr
MD5

32b1115b117f02f2f2b7955250324305
SHA1

4ec519a03679a0c06204d23629e9959a30670948
SHA256

a38045c3b8a5254c090f89f8908402bfdd436ceeebd1f3fc7f265c8070d320cd
SHA512

df7b4058881a2350fab386558f18922bcb27df8e5289ad32dc42715cb6a41b02fbf5fb336baa0b3c824268815fd8eb75fc2c37b7db9424e8bbde487c60650a45
SSDEEP

196608:CKgD1p+L71ttiL6KkVmOVI3bksgUllbWXGEj:oKLZMNk4mI3bxgMre

Score

10^/10

xmrig discovery evasion miner persistence trojan

Malware Config

Targets

- Target
  
  8884353C745F7C2D7639EC27B31FA8D491283199F4CD0DB43EB4EB6EEA39B3D7
- Size
  
  6.8MB
- MD5
  
  b4b6b67d5e5723248f84cfe8cb022d93
- SHA1
  
  e9bc93219af4b2dfc5083db3bc4ec44fdd9ef7f2
- SHA256
  
  8884353c745f7c2d7639ec27b31fa8d491283199f4cd0db43eb4eb6eea39b3d7
- SHA512
  
  7b5310116fd47c5580ff9d58e23f8009d47763609817292b171379106d5b6532589e21208c115eea923478b019ba9682a056576b255578f7c5f54d0c36786f0b
- SSDEEP
  
  196608:5eNb7rBym+IQaK6tmWsCiW/RCWbKSWPX2gZqZT:G1y56EWsvW/iSWPjUZT
Score

10^/10

xmrig discovery evasion miner persistence trojan
- UAC bypass
  evasion trojan
- XMRig Miner payload
  miner
- Xmrig family
  xmrig
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Cryptocurrency Miner
  Makes network request to known mining pool URL.
  miner
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xmrigdiscoveryevasionminerpersistencetrojan

behavioral2

xmrigdiscoveryevasionminerpersistencetrojan