xmrig

Sharing

Copy URL

Twitter E-mail

General

Target

AV.scr
Size

6.0MB
Sample

250104-x5zvratkew
MD5

a20727b81b50a20483ba59ae65443dfe
SHA1

7429f81064e044e981de12bde015117953b7b0e7
SHA256

af94ddf7c35b9d9f016a5a4b232b43e071d59c6beb1560ba76df20df7b49ca4c
SHA512

c6b857207818f1e26065ac424ee5cfdb18e5297ae8c1724a5ec8e80cf96b43bcd31b479859fa863ff508030ce52c60870152b433d548df9fbfc42a378c499856
SSDEEP

98304:RLGSThOfTCiFBXmfFs+JMHpCVoR8oMEOJ6Ty3RvX+Y2naq8le+:YBfTCiUswVSLOJgyBG/aW+

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
153.149.193.182
Port:
21
Username:
www
Password:
anonymous

Extracted

Credentials

Protocol: ftp
Host:
125.63.50.118
Port:
21
Username:
www
Password:
anonymous

Extracted

Credentials

Protocol: ftp
Host:
153.149.193.182
Port:
21
Username:
www
Password:
123456

Extracted

Credentials

Protocol: ftp
Host:
125.63.50.118
Port:
21
Username:
www
Password:
123456

Extracted

Credentials

Protocol: ftp
Host:
153.149.193.182
Port:
21
Username:
www
Password:
admin

Extracted

Credentials

Protocol: ftp
Host:
153.149.193.182
Port:
21
Username:
www
Password:
root

Extracted

Credentials

Protocol: ftp
Host:
125.63.50.118
Port:
21
Username:
www
Password:
admin

Extracted

Credentials

Protocol: ftp
Host:
109.237.216.183
Port:
21
Username:
www
Password:
anonymous

Extracted

Credentials

Protocol: ftp
Host:
109.237.216.183
Port:
21
Username:
www
Password:
123456

Extracted

Credentials

Protocol: ftp
Host:
109.237.216.183
Port:
21
Username:
www
Password:
admin

Extracted

Credentials

Protocol: ftp
Host:
109.237.216.183
Port:
21
Username:
www
Password:
root

Extracted

Credentials

Protocol: ftp
Host:
109.237.216.183
Port:
21
Username:
www
Password:
password

Extracted

Credentials

Protocol: ftp
Host:
109.237.216.183
Port:
21
Username:
www
Password:
123123

Extracted

Credentials

Protocol: ftp
Host:
109.237.216.183
Port:
21
Username:
www
Password:
123

Extracted

Credentials

Protocol: ftp
Host:
109.237.216.183
Port:
21
Username:
www
Password:
pass1234

Extracted

Credentials

Protocol: ftp
Host:
109.237.216.183
Port:
21
Username:
www
Password:
www

Extracted

Credentials

Protocol: ftp
Host:
153.149.193.182
Port:
21
Username:
www
Password:
password

Extracted

Credentials

Protocol: ftp
Host:
125.63.50.118
Port:
21
Username:
www

Extracted

Credentials

Protocol: ftp
Host:
109.237.216.183
Port:
21
Username:
www
Password:
wwwwww

Extracted

Credentials

Protocol: ftp
Host:
88.211.209.50
Port:
21
Username:
www
Password:
anonymous

Extracted

Credentials

Protocol: ftp
Host:
23.235.196.143
Port:
21
Username:
www
Password:
anonymous

Extracted

Credentials

Protocol: ftp
Host:
103.119.14.218
Port:
21
Username:
www
Password:
anonymous

Extracted

Credentials

Protocol: ftp
Host:
133.242.21.232
Port:
21
Username:
www

Extracted

Credentials

Protocol: ftp
Host:
103.119.14.218
Port:
21
Username:
www
Password:
123456

Extracted

Credentials

Protocol: ftp
Host:
103.119.14.218
Port:
21
Username:
www
Password:
admin

Extracted

Credentials

Protocol: ftp
Host:
103.119.14.218
Port:
21
Username:
www
Password:
root

Extracted

Credentials

Protocol: ftp
Host:
88.211.209.50
Port:
21
Username:
www
Password:
123456

Extracted

Credentials

Protocol: ftp
Host:
103.119.14.218
Port:
21
Username:
www
Password:
password

Extracted

Credentials

Protocol: ftp
Host:
103.119.14.218
Port:
21
Username:
www
Password:
123123

Extracted

Credentials

Protocol: ftp
Host:
23.235.196.143
Port:
21
Username:
www
Password:
123456

Extracted

Credentials

Protocol: ftp
Host:
103.119.14.218
Port:
21
Username:
www
Password:
123

Extracted

Credentials

Protocol: ftp
Host:
103.119.14.218
Port:
21
Username:
www
Password:
pass1234

Extracted

Credentials

Protocol: ftp
Host:
88.211.209.50
Port:
21
Username:
www
Password:
admin

Extracted

Credentials

Protocol: ftp
Host:
103.119.14.218
Port:
21
Username:
www
Password:
www

Extracted

Credentials

Protocol: ftp
Host:
103.119.14.218
Port:
21
Username:
www
Password:
wwwwww

Extracted

Credentials

Protocol: ftp
Host:
103.119.14.218
Port:
21
Username:
www
Password:
www1

Extracted

Credentials

Protocol: ftp
Host:
103.119.14.218
Port:
21
Username:
www
Password:
www123

Extracted

Credentials

Protocol: ftp
Host:
88.211.209.50
Port:
21
Username:
www
Password:
root

Extracted

Credentials

Protocol: ftp
Host:
23.235.196.143
Port:
21
Username:
www
Password:
admin

Extracted

Credentials

Protocol: ftp
Host:
103.119.14.218
Port:
21
Username:
www
Password:
www2016

Extracted

Credentials

Protocol: ftp
Host:
103.119.14.218
Port:
21
Username:
www
Password:
www2015

Extracted

Credentials

Protocol: ftp
Host:
103.119.14.218
Port:
21
Username:
www
Password:
www!

Extracted

Credentials

Protocol: ftp
Host:
103.119.14.218
Port:
21
Username:
www

Extracted

Credentials

Protocol: ftp
Host:
88.211.209.50
Port:
21
Username:
www
Password:
password

Extracted

Credentials

Protocol: ftp
Host:
104.193.141.61
Port:
21
Username:
www
Password:
anonymous

Extracted

Credentials

Protocol: ftp
Host:
154.212.118.153
Port:
21
Username:
www
Password:
anonymous

Extracted

Credentials

Protocol: ftp
Host:
103.119.14.218
Port:
21
Username:
www
Password:
P@ssw0rd!!

Extracted

Credentials

Protocol: ftp
Host:
154.212.118.153
Port:
21
Username:
www
Password:
123456

Extracted

Credentials

Protocol: ftp
Host:
23.235.196.143
Port:
21
Username:
www
Password:
root

Extracted

Credentials

Protocol: ftp
Host:
103.119.14.218
Port:
21
Username:
www
Password:
qwa123

Extracted

Credentials

Protocol: ftp
Host:
154.212.118.153
Port:
21
Username:
www
Password:
admin

Extracted

Credentials

Protocol: ftp
Host:
88.211.209.50
Port:
21
Username:
www
Password:
123123

Extracted

Credentials

Protocol: ftp
Host:
154.212.118.153
Port:
21
Username:
www
Password:
root

Extracted

Credentials

Protocol: ftp
Host:
200.123.6.114
Port:
21
Username:
www
Password:
anonymous

Extracted

Credentials

Protocol: ftp
Host:
211.37.85.72
Port:
21
Username:
www
Password:
anonymous

Extracted

Credentials

Protocol: ftp
Host:
103.119.14.218
Port:
21
Username:
www
Password:
12345678

Extracted

Credentials

Protocol: ftp
Host:
200.123.6.114
Port:
21
Username:
www

Extracted

Credentials

Protocol: ftp
Host:
211.37.85.72
Port:
21
Username:
www

Extracted

Credentials

Protocol: ftp
Host:
104.193.141.61
Port:
21
Username:
www

Targets

- Target
  
  AV.scr
- Size
  
  6.0MB
- MD5
  
  a20727b81b50a20483ba59ae65443dfe
- SHA1
  
  7429f81064e044e981de12bde015117953b7b0e7
- SHA256
  
  af94ddf7c35b9d9f016a5a4b232b43e071d59c6beb1560ba76df20df7b49ca4c
- SHA512
  
  c6b857207818f1e26065ac424ee5cfdb18e5297ae8c1724a5ec8e80cf96b43bcd31b479859fa863ff508030ce52c60870152b433d548df9fbfc42a378c499856
- SSDEEP
  
  98304:RLGSThOfTCiFBXmfFs+JMHpCVoR8oMEOJ6Ty3RvX+Y2naq8le+:YBfTCiUswVSLOJgyBG/aW+
Score

10^/10

xmrig discovery evasion miner persistence privilege_escalation pyinstaller upx
- Xmrig family
  xmrig
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Contacts a large (517) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Windows Firewall
  evasion
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Credential Access

Discovery

Network Service Discovery

T1046

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Targets

Xmrig family

XMRig Miner payload

Contacts a large (517) amount of remote hosts

Modifies Windows Firewall

ACProtect 1.3x - 1.4x DLL software

Executes dropped EXE

Loads dropped DLL

Creates a large amount of network flows

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2