xmrig | 470ba629507af978aa777678811b7a64e1cf233dfd381b55ae8ab71c824a5d36 | Triage

Submit
Reports

Overview

overview

Static

static

3

EZLaunсher.exe

windows11-21h2-x64

Sharing

General

Target

EZLaunсher.exe
Size

17.3MB
Sample

250127-vqxezazjgn
MD5

0bb88543e0af583459aa73196ae90686
SHA1

8a77b803acdc60a5f53830b7dc82a742e7dfbac4
SHA256

470ba629507af978aa777678811b7a64e1cf233dfd381b55ae8ab71c824a5d36
SHA512

0234fb6b75f447a3f847e0abecd643bf667f488f10baf620162f9a8558beaad73467765e139edd2e596b8d688089701126390c73441b34bbcaf86f5fd488a2a2
SSDEEP

393216:AGDX6psfI9ml/oUyvxVrSqsQy8QBVF88gErAuRxa21/cx74Bv6t67NTIWTrxWo:/7fYmhyvxV2qsQiV+8gWRk2Kx7Qyt67t

Score

10^/10

xmrig defense_evasion execution miner persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

EZLaunсher.exe

Resource

win11-20241007-en

xmrig defense_evasion execution miner persistence upx

windows11-21h2-x64

22 signatures

150 seconds

Malware Config

Targets

- Target
  
  EZLaunсher.exe
- Size
  
  17.3MB
- MD5
  
  0bb88543e0af583459aa73196ae90686
- SHA1
  
  8a77b803acdc60a5f53830b7dc82a742e7dfbac4
- SHA256
  
  470ba629507af978aa777678811b7a64e1cf233dfd381b55ae8ab71c824a5d36
- SHA512
  
  0234fb6b75f447a3f847e0abecd643bf667f488f10baf620162f9a8558beaad73467765e139edd2e596b8d688089701126390c73441b34bbcaf86f5fd488a2a2
- SSDEEP
  
  393216:AGDX6psfI9ml/oUyvxVrSqsQy8QBVF88gErAuRxa21/cx74Bv6t67NTIWTrxWo:/7fYmhyvxV2qsQiV+8gWRk2Kx7Qyt67t
Score

10^/10

xmrig defense_evasion execution miner persistence upx
- Xmrig family
  xmrig
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Creates new service(s)
  persistence execution
- Stops running service(s)
  defense_evasion execution
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Power Settings
  powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Power Settings

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

xmrigdefense_evasionexecutionminerpersistenceupx

© 2018-2025

Terms | Privacy