xmrig | 5c5374eb9054e48c5ab9c6ef21c2bd228fe2e63eaa0ae83dbdb65dd1a7429369 | Triage

Submit
Reports

Overview

overview

Static

static

3

miner.exe

windows11-21h2-x64

Sharing

General

Target

miner.exe
Size

104KB
Sample

250303-v232wstwf1
MD5

4a9f5b7664e2ebf47aa5fc4240dc8a22
SHA1

d0fc11aab0181df38d193cf8dfd1843fe06c844a
SHA256

5c5374eb9054e48c5ab9c6ef21c2bd228fe2e63eaa0ae83dbdb65dd1a7429369
SHA512

f45224b584b64d4ac32d4e6303ad87b2902ea310ac332ed0a0c7a706df2441eb0ef1f5076fe2716d004e59aa6a8e9e5e5e3a8f012008f05aef05064ad1e1eed6
SSDEEP

192:xjZaDMFEa4ajXPeeZnXwqXTyE1hEjjTyXfan55tfMcePLiZmGhTuRY9SRXiKqiRh:hp4ajGCnXGMsGXfwldJ99Sjvb99Sjv

Score

10^/10

xmrig xworm defense_evasion execution miner rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

miner.exe

Resource

win11-20250217-en

xmrig xworm defense_evasion execution miner rat trojan

windows11-21h2-x64

24 signatures

900 seconds

Malware Config

Extracted

Family

xworm

Mutex

yNحكـX8ٍبAGLWِF6Jo2DiObلٍLZا3ا

Attributes

Install_directory
%Port%
install_file
MicrosoftEdgeUpdateTaskMachineUAC.exe

aes.plain

Targets

- Target
  
  miner.exe
- Size
  
  104KB
- MD5
  
  4a9f5b7664e2ebf47aa5fc4240dc8a22
- SHA1
  
  d0fc11aab0181df38d193cf8dfd1843fe06c844a
- SHA256
  
  5c5374eb9054e48c5ab9c6ef21c2bd228fe2e63eaa0ae83dbdb65dd1a7429369
- SHA512
  
  f45224b584b64d4ac32d4e6303ad87b2902ea310ac332ed0a0c7a706df2441eb0ef1f5076fe2716d004e59aa6a8e9e5e5e3a8f012008f05aef05064ad1e1eed6
- SSDEEP
  
  192:xjZaDMFEa4ajXPeeZnXwqXTyE1hEjjTyXfan55tfMcePLiZmGhTuRY9SRXiKqiRh:hp4ajGCnXGMsGXfwldJ99Sjvb99Sjv
Score

10^/10

xmrig xworm defense_evasion execution miner rat trojan
- Detect Xworm Payload
- XMRig Miner payload
  miner
- Xmrig family
  xmrig
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- Executes dropped EXE
- Indicator Removal: Clear Windows Event Logs
  Clear Windows Event Logs to hide the activity of an intrusion.
  defense_evasion
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

Clear Windows Event Logs

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xmrigxwormdefense_evasionexecutionminerrattrojan

© 2018-2025

Terms | Privacy