Overview

overview

10

Static

static

3

nxmr.exe

windows7-x64

10

nxmr.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    nxmr.exe

  • Size

    5.6MB

  • Sample

    250130-sytmyaxlcj

  • MD5

    13b26b2c7048a92d6a843c1302618fad

  • SHA1

    89c2dfc01ac12ef2704c7669844ec69f1700c1ca

  • SHA256

    1753ad35ece25ab9a19048c70062e9170f495e313d7355ebbba59c38f5d90256

  • SHA512

    d6aff89b61c9945002a6798617ad304612460a607ef1cfbdcb32f8932ca648bcee1d5f2e0321bb4c58c1f4642b1e0ececc1eb82450fdec7dff69b5389f195455

  • SSDEEP

    98304:ZMknXV8IFUX81qQ6lLYhJ/N0TB4HBDxWcLKamiwPZhsSZLZ1wpxGN:ZBnXV86UiqrlLY/8AW6YZPZf6HGN

Score
10/10
xmrigexecutionminer

Malware Config

Targets

    • Target

      nxmr.exe

    • Size

      5.6MB

    • MD5

      13b26b2c7048a92d6a843c1302618fad

    • SHA1

      89c2dfc01ac12ef2704c7669844ec69f1700c1ca

    • SHA256

      1753ad35ece25ab9a19048c70062e9170f495e313d7355ebbba59c38f5d90256

    • SHA512

      d6aff89b61c9945002a6798617ad304612460a607ef1cfbdcb32f8932ca648bcee1d5f2e0321bb4c58c1f4642b1e0ececc1eb82450fdec7dff69b5389f195455

    • SSDEEP

      98304:ZMknXV8IFUX81qQ6lLYhJ/N0TB4HBDxWcLKamiwPZhsSZLZ1wpxGN:ZBnXV86UiqrlLY/8AW6YZPZf6HGN

    Score
    10/10
    xmrigexecutionminer

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Xmrig family

      xmrig

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner payload

      miner

    • Executes dropped EXE

    • Loads dropped DLL

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks