xmrig | 457cc36615572d74a0013bfafc9e758c2c2f2e34f57ae9f1a1dd748feae7185c | Triage

Resubmissions

01-02-2025 07:50

250201-jpfkaavjaz 10

01-02-2025 07:40

250201-jhnx3stqey 10

Sharing

General

Target

AnyDesk.exe
Size

1.3MB
Sample

250201-jpfkaavjaz
MD5

183cee8f0737e89ee631fd4665d54deb
SHA1

64f433299f4976208d506b5fb5f020283992977a
SHA256

457cc36615572d74a0013bfafc9e758c2c2f2e34f57ae9f1a1dd748feae7185c
SHA512

1298ec0e002c99813f48ea0c640ad199b2ff6fdfdf3bd28a67f3ab4393b04c15ec194982b149d7a1a02f542ca82bffbecd2fcbfb5228b1ce5599704d1890db78
SSDEEP

24576:IT4A/d6wF5q6Yh2JoaCmWJZopqgHCV8jpU/3kwtY6v/87xaVUhf4pE0TwIDm:IMA16wFdjC7JZop5iV8juMwtY6WhfD0M

Score

10^/10

xmrig defense_evasion execution miner persistence

Malware Config

Targets

- Target
  
  AnyDesk.exe
- Size
  
  1.3MB
- MD5
  
  183cee8f0737e89ee631fd4665d54deb
- SHA1
  
  64f433299f4976208d506b5fb5f020283992977a
- SHA256
  
  457cc36615572d74a0013bfafc9e758c2c2f2e34f57ae9f1a1dd748feae7185c
- SHA512
  
  1298ec0e002c99813f48ea0c640ad199b2ff6fdfdf3bd28a67f3ab4393b04c15ec194982b149d7a1a02f542ca82bffbecd2fcbfb5228b1ce5599704d1890db78
- SSDEEP
  
  24576:IT4A/d6wF5q6Yh2JoaCmWJZopqgHCV8jpU/3kwtY6v/87xaVUhf4pE0TwIDm:IMA16wFdjC7JZop5iV8juMwtY6WhfD0M
Score

8^/10

defense_evasion execution persistence
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Creates new service(s)
  persistence execution
- Drops file in Drivers directory
- Stops running service(s)
  defense_evasion execution
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

System Services

Service Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

behavioral2

defense_evasionexecutionpersistence