xmrig | 19e5abfc57e4969d264f332ccfd5d3f66fd288169e96acf40b6268f8e224ba77 | Triage

Resubmissions

01-02-2025 07:14

250201-h2xtnawjcq 10

01-02-2025 06:19

250201-g3g9xsvlap 10

Sharing

General

Target

ka.exe
Size

1.3MB
Sample

250201-g3g9xsvlap
MD5

2e0827867a5d6d443f13b5734bb34f25
SHA1

abc9c26b88bf37571dcb342a89d6c185dab72062
SHA256

19e5abfc57e4969d264f332ccfd5d3f66fd288169e96acf40b6268f8e224ba77
SHA512

0d07a3ad39f143688d032088b970c199cf8015622c75290191c2370c5721204d545ac214cca56d2cf532e61f2550d15606cd389e0457e7480866f4df6f320967
SSDEEP

24576:WXT4A/dXgFI65Ux5PYgMBLVYyLJDI8kz5/gtY6v/87xaVUhffpE0vwYBb:WXMA1XgF06gGLVYuJDI8kz5YtY6WhfW6

Score

10^/10

xmrig defense_evasion execution miner persistence

Malware Config

Targets

- Target
  
  ka.exe
- Size
  
  1.3MB
- MD5
  
  2e0827867a5d6d443f13b5734bb34f25
- SHA1
  
  abc9c26b88bf37571dcb342a89d6c185dab72062
- SHA256
  
  19e5abfc57e4969d264f332ccfd5d3f66fd288169e96acf40b6268f8e224ba77
- SHA512
  
  0d07a3ad39f143688d032088b970c199cf8015622c75290191c2370c5721204d545ac214cca56d2cf532e61f2550d15606cd389e0457e7480866f4df6f320967
- SSDEEP
  
  24576:WXT4A/dXgFI65Ux5PYgMBLVYyLJDI8kz5/gtY6v/87xaVUhffpE0vwYBb:WXMA1XgF06gGLVYuJDI8kz5YtY6WhfW6
Score

8^/10

defense_evasion execution persistence
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Creates new service(s)
  persistence execution
- Drops file in Drivers directory
- Stops running service(s)
  defense_evasion execution
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

System Services

Service Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

defense_evasionexecutionpersistence