xmrig | 61b6db96b367919bb130955c1243b7ca6fef3a1d111ffd390a4a8f66146d3eca | Triage

Submit
Reports

Overview

overview

Static

static

3

BitcoinPri...er.zip

windows11-21h2-x64

1

BitcoinPri...er.exe

windows11-21h2-x64

Sharing

General

Target

BitcoinPrivateKeyFinder.zip
Size

2.2MB
Sample

250201-zdlvxs1lhk
MD5

4a685e71890904b1387d6c5a84463986
SHA1

32baa61a9896b1992486dba009043c01488fbdac
SHA256

61b6db96b367919bb130955c1243b7ca6fef3a1d111ffd390a4a8f66146d3eca
SHA512

7ec063ed103349c7aa9676264fe26ec85da9511f8687f50c5d1098a3f172f9f2f14cba5c67754ecb627f6556449d0fea6986da2232a0b9277b984a026f38642c
SSDEEP

49152:Br/zB9ruvrhgL4Wc1PU6td1zZTsc/e6HCUNCCRmM9IwavhRRVcqXKYxPxVTPfS8C:1LOrS811PU6tzZQc/e6HCUNCCIzwUfK9

Score

10^/10

xmrig execution miner

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

BitcoinPrivateKeyFinder.zip

Resource

win11-20241007-en

windows11-21h2-x64

0 signatures

300 seconds

Behavioral task

behavioral2

Sample

BitcoinPrivateKeyFinder/BitcoinPrivateKeyFinder-installer.exe

Resource

win11-20241007-en

xmrig execution miner

windows11-21h2-x64

12 signatures

300 seconds

Malware Config

Targets

- Target
  
  BitcoinPrivateKeyFinder.zip
- Size
  
  2.2MB
- MD5
  
  4a685e71890904b1387d6c5a84463986
- SHA1
  
  32baa61a9896b1992486dba009043c01488fbdac
- SHA256
  
  61b6db96b367919bb130955c1243b7ca6fef3a1d111ffd390a4a8f66146d3eca
- SHA512
  
  7ec063ed103349c7aa9676264fe26ec85da9511f8687f50c5d1098a3f172f9f2f14cba5c67754ecb627f6556449d0fea6986da2232a0b9277b984a026f38642c
- SSDEEP
  
  49152:Br/zB9ruvrhgL4Wc1PU6td1zZTsc/e6HCUNCCRmM9IwavhRRVcqXKYxPxVTPfS8C:1LOrS811PU6tzZQc/e6HCUNCCIzwUfK9
Score

1^/10
behavioral1
- Target
  
  BitcoinPrivateKeyFinder/BitcoinPrivateKeyFinder-installer.exe
- Size
  
  2.3MB
- MD5
  
  413a9080cdbb5e9dafc7a582bae52cfd
- SHA1
  
  0558bdf441317f8a73969cb432fb5466cf5fdd3f
- SHA256
  
  9896da019919c17a14328756877e84eb39accd4a5766381dfd4b2a750bd47924
- SHA512
  
  455e7fb9a7409f9057b4c163bdef0ddb7b4ac6efa1f8e7073e605d0ba0e472e6ade7e551832b96772450fc0b2c9f13320f609beb602e54fcd21253cad780336e
- SSDEEP
  
  49152:LHzVdJupvlgZ4qcNLquRd1DZFAkt8YHwMr6CtI89Q4wvj33Vo+N2oR/vrDNJS8q:PMvWmJNLquRDZWkt8YHwMr6CmZ4eT2W
Score

10^/10

xmrig execution miner
- Xmrig family
  xmrig
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

xmrigexecutionminer

© 2018-2025

Terms | Privacy