xmrig | 54533aa9450976475714abe8883c4854876519aa6dee02ffedff0e440eaa1542 | Triage

Sharing

General

Target

AnyDesk.exe
Size

1.3MB
Sample

250201-j1htsavlew
MD5

b40898155fbd7b67df7f86206bb589fd
SHA1

95b5c64dbc72d11e07bd8090e35d578cc709e365
SHA256

54533aa9450976475714abe8883c4854876519aa6dee02ffedff0e440eaa1542
SHA512

a470f1d5216c11c6c19a6f7a9abe41798b77783c3b9c9fa8b0a6aacf5ab32e3f426f8e36809e36f486dfb92ff5ede9b6a35f78a3716278bc33b6ade50d1344a5
SSDEEP

24576:IT4A/d6wF5q6Yh2JoaCmWJZopqgHC48jpU/grtY6v/87xaVUhf4pE0XwIjm:IMA16wFdjC7JZop5i48juIrtY6WhfD0I

Score

10^/10

xmrig defense_evasion execution miner persistence

Malware Config

Targets

- Target
  
  AnyDesk.exe
- Size
  
  1.3MB
- MD5
  
  b40898155fbd7b67df7f86206bb589fd
- SHA1
  
  95b5c64dbc72d11e07bd8090e35d578cc709e365
- SHA256
  
  54533aa9450976475714abe8883c4854876519aa6dee02ffedff0e440eaa1542
- SHA512
  
  a470f1d5216c11c6c19a6f7a9abe41798b77783c3b9c9fa8b0a6aacf5ab32e3f426f8e36809e36f486dfb92ff5ede9b6a35f78a3716278bc33b6ade50d1344a5
- SSDEEP
  
  24576:IT4A/d6wF5q6Yh2JoaCmWJZopqgHC48jpU/grtY6v/87xaVUhf4pE0XwIjm:IMA16wFdjC7JZop5i48juIrtY6WhfD0I
Score

8^/10

defense_evasion execution persistence
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Creates new service(s)
  persistence execution
- Drops file in Drivers directory
- Stops running service(s)
  defense_evasion execution
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

System Services

Service Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

defense_evasionexecutionpersistence