xmrig | ecfd4b61f4df109403654b73b1dd2c5a9f66888e5fe6410372b11f270c594887 | Triage

Submit
Reports

Overview

overview

Static

static

2025-03-30...ig.exe

windows7-x64

2025-03-30...ig.exe

windows10-2004-x64

Sharing

General

Target

2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig
Size

5.0MB
Sample

250330-tbyh2s11bt
MD5

5515ecb998125dcf224f5668703d5ae0
SHA1

9e0744f7bfe9c82990b38b01c324a0294309caed
SHA256

ecfd4b61f4df109403654b73b1dd2c5a9f66888e5fe6410372b11f270c594887
SHA512

35a2050f37b44522fa8f14defe5598de052c312e6c82a8fe6042549a51ed44f096608c450a3fdb740dbd773249b3d6de5c1cd4a3c1468af4a7a75d3fd3c01d23
SSDEEP

98304:z1ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHr8q:zbBeSFkk

Score

10^/10

xmrig execution miner upx

Static task

static1

miner upx xmrig

4 signatures

Behavioral task

behavioral1

Sample

2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe

Resource

win7-20241023-en

xmrig execution miner upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe

Resource

win10v2004-20250314-en

xmrig execution miner upx

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig
- Size
  
  5.0MB
- MD5
  
  5515ecb998125dcf224f5668703d5ae0
- SHA1
  
  9e0744f7bfe9c82990b38b01c324a0294309caed
- SHA256
  
  ecfd4b61f4df109403654b73b1dd2c5a9f66888e5fe6410372b11f270c594887
- SHA512
  
  35a2050f37b44522fa8f14defe5598de052c312e6c82a8fe6042549a51ed44f096608c450a3fdb740dbd773249b3d6de5c1cd4a3c1468af4a7a75d3fd3c01d23
- SSDEEP
  
  98304:z1ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHr8q:zbBeSFkk
Score

10^/10

xmrig execution miner upx
- Xmrig family
  xmrig
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

xmrigexecutionminerupx

behavioral2

xmrigexecutionminerupx

© 2018-2025

Terms | Privacy