xmrig

Sharing

Copy URL

Twitter E-mail

General

Target

Video.scr
Size

6.0MB
Sample

250124-ax3kca1kbv
MD5

a9d4007c9419a6e8d55805b8f8f52de0
SHA1

9f9d47ec6dd80bfcb4c3e0a1530b89d2d587c230
SHA256

5d9fe2735d4399d98e6e6a792b1feb26d6f2d9a5d77944ecacb4b4837e5e5fca
SHA512

df727118e22be2c36c14bca3d084a7260f085bf528bfdc1da8467bc5adb654c34e20367ed733593810d9d54e9ca0137c015a4a34f09cb06d1145e60cbf16aecf
SSDEEP

98304:RLVSThOfTCiFBXmfFs+JMHpCVoR8oMEOJ6Ty3RvX+jb5jC3ajz4F4VRc:HBfTCiUswVSLOJgyBGv5jGQW4VR

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
190.113.1.79
Port:
21
Username:
www

Extracted

Credentials

Protocol: ftp
Host:
109.232.218.113
Port:
21
Username:
www
Password:
anonymous

Extracted

Credentials

Protocol: ftp
Host:
46.242.169.67
Port:
21
Username:
www
Password:
anonymous

Extracted

Credentials

Protocol: ftp
Host:
154.218.112.239
Port:
21
Username:
www
Password:
anonymous

Extracted

Credentials

Protocol: ftp
Host:
46.242.169.67
Port:
21
Username:
www
Password:
123456

Extracted

Credentials

Protocol: ftp
Host:
46.242.169.67
Port:
21
Username:
www
Password:
admin

Extracted

Credentials

Protocol: ftp
Host:
46.242.169.67
Port:
21
Username:
www
Password:
root

Extracted

Credentials

Protocol: ftp
Host:
46.242.169.67
Port:
21
Username:
www
Password:
password

Extracted

Credentials

Protocol: ftp
Host:
154.218.112.239
Port:
21
Username:
www
Password:
123456

Extracted

Credentials

Protocol: ftp
Host:
46.242.169.67
Port:
21
Username:
www
Password:
123123

Extracted

Credentials

Protocol: ftp
Host:
46.242.169.67
Port:
21
Username:
www
Password:
123

Extracted

Credentials

Protocol: ftp
Host:
46.242.169.67
Port:
21
Username:
www
Password:
pass1234

Extracted

Credentials

Protocol: ftp
Host:
46.242.169.67
Port:
21
Username:
www
Password:
www

Extracted

Credentials

Protocol: ftp
Host:
154.218.112.239
Port:
21
Username:
www
Password:
admin

Extracted

Credentials

Protocol: ftp
Host:
46.242.169.67
Port:
21
Username:
www
Password:
wwwwww

Extracted

Credentials

Protocol: ftp
Host:
179.189.199.213
Port:
21
Username:
www
Password:
anonymous

Extracted

Credentials

Protocol: ftp
Host:
142.11.209.33
Port:
21
Username:
www
Password:
anonymous

Extracted

Credentials

Protocol: ftp
Host:
146.59.15.138
Port:
21
Username:
www
Password:
anonymous

Extracted

Credentials

Protocol: ftp
Host:
45.95.188.159
Port:
21
Username:
www
Password:
anonymous

Extracted

Credentials

Protocol: ftp
Host:
142.11.209.33
Port:
21
Username:
www
Password:
123456

Extracted

Credentials

Protocol: ftp
Host:
45.95.188.159
Port:
21
Username:
www
Password:
123456

Extracted

Credentials

Protocol: ftp
Host:
142.11.209.33
Port:
21
Username:
www
Password:
admin

Extracted

Credentials

Protocol: ftp
Host:
45.95.188.159
Port:
21
Username:
www
Password:
admin

Extracted

Credentials

Protocol: ftp
Host:
142.11.209.33
Port:
21
Username:
www
Password:
root

Extracted

Credentials

Protocol: ftp
Host:
179.189.199.213
Port:
21
Username:
www
Password:
123456

Extracted

Credentials

Protocol: ftp
Host:
142.11.209.33
Port:
21
Username:
www
Password:
password

Extracted

Credentials

Protocol: ftp
Host:
142.11.209.33
Port:
21
Username:
www
Password:
123123

Extracted

Credentials

Protocol: ftp
Host:
146.59.15.138
Port:
21
Username:
www
Password:
123456

Extracted

Credentials

Protocol: ftp
Host:
179.189.199.213
Port:
21
Username:
www
Password:
admin

Extracted

Credentials

Protocol: ftp
Host:
179.189.199.213
Port:
21
Username:
www
Password:
root

Extracted

Credentials

Protocol: ftp
Host:
146.59.15.138
Port:
21
Username:
www
Password:
admin

Extracted

Credentials

Protocol: ftp
Host:
154.12.31.172
Port:
21
Username:
www
Password:
anonymous

Extracted

Credentials

Protocol: ftp
Host:
179.189.199.213
Port:
21
Username:
www
Password:
password

Extracted

Credentials

Protocol: ftp
Host:
146.59.15.138
Port:
21
Username:
www
Password:
root

Extracted

Credentials

Protocol: ftp
Host:
179.189.199.213
Port:
21
Username:
www
Password:
123123

Extracted

Credentials

Protocol: ftp
Host:
179.189.199.213
Port:
21
Username:
www
Password:
123

Extracted

Credentials

Protocol: ftp
Host:
154.12.31.172
Port:
21
Username:
www
Password:
123456

Extracted

Credentials

Protocol: ftp
Host:
146.59.15.138
Port:
21
Username:
www
Password:
password

Targets

- Target
  
  Video.scr
- Size
  
  6.0MB
- MD5
  
  a9d4007c9419a6e8d55805b8f8f52de0
- SHA1
  
  9f9d47ec6dd80bfcb4c3e0a1530b89d2d587c230
- SHA256
  
  5d9fe2735d4399d98e6e6a792b1feb26d6f2d9a5d77944ecacb4b4837e5e5fca
- SHA512
  
  df727118e22be2c36c14bca3d084a7260f085bf528bfdc1da8467bc5adb654c34e20367ed733593810d9d54e9ca0137c015a4a34f09cb06d1145e60cbf16aecf
- SSDEEP
  
  98304:RLVSThOfTCiFBXmfFs+JMHpCVoR8oMEOJ6Ty3RvX+jb5jC3ajz4F4VRc:HBfTCiUswVSLOJgyBGv5jGQW4VR
Score

10^/10

xmrig defense_evasion discovery miner persistence privilege_escalation pyinstaller upx
- Xmrig family
  xmrig
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Contacts a large (551) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Windows Firewall
  defense_evasion
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Credential Access

Discovery

Network Service Discovery

T1046

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Targets

Xmrig family

XMRig Miner payload

Contacts a large (551) amount of remote hosts

Modifies Windows Firewall

ACProtect 1.3x - 1.4x DLL software

Executes dropped EXE

Loads dropped DLL

Creates a large amount of network flows

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2