xmrig | 1360212e053f0c7cfad357be61c1e591e4b35842c020279f08b3590705cc1321 | Triage

Submit
Reports

Overview

overview

Static

static

1

1360212e05...21.cmd

windows7-x64

1360212e05...21.cmd

windows10-2004-x64

Sharing

General

Target

1360212e053f0c7cfad357be61c1e591e4b35842c020279f08b3590705cc1321.cmd
Size

400B
Sample

250125-j15csavqdn
MD5

2eeefd9c6e45d4aa21861b1296f67585
SHA1

a946bbc6ddecbfc98e418f5cd268fd9e31012f21
SHA256

1360212e053f0c7cfad357be61c1e591e4b35842c020279f08b3590705cc1321
SHA512

ae169104fd73052c11deadc0b3470e6a64e53edc17818e75576c0077eef27a7633c6c94ea96f9ebfe4321f6184d448dd9b218aee35e6ffea40a446308af844e0

Score

10^/10

xmrig defense_evasion execution miner persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

1360212e053f0c7cfad357be61c1e591e4b35842c020279f08b3590705cc1321.cmd

Resource

win7-20240729-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

1360212e053f0c7cfad357be61c1e591e4b35842c020279f08b3590705cc1321.cmd

Resource

win10v2004-20241007-en

xmrig defense_evasion execution miner persistence upx

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://biteblob.com/Download/J4wO2GduKNJmX3/build.exe

Targets

- Target
  
  1360212e053f0c7cfad357be61c1e591e4b35842c020279f08b3590705cc1321.cmd
- Size
  
  400B
- MD5
  
  2eeefd9c6e45d4aa21861b1296f67585
- SHA1
  
  a946bbc6ddecbfc98e418f5cd268fd9e31012f21
- SHA256
  
  1360212e053f0c7cfad357be61c1e591e4b35842c020279f08b3590705cc1321
- SHA512
  
  ae169104fd73052c11deadc0b3470e6a64e53edc17818e75576c0077eef27a7633c6c94ea96f9ebfe4321f6184d448dd9b218aee35e6ffea40a446308af844e0
Score

10^/10

execution xmrig defense_evasion miner persistence upx
- Xmrig family
  xmrig
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Creates new service(s)
  persistence execution
- Downloads MZ/PE file
- Stops running service(s)
  defense_evasion execution
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Power Settings
  powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Power Settings

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

behavioral2

xmrigdefense_evasionexecutionminerpersistenceupx

© 2018-2025

Terms | Privacy