xmrig | f1a1dcc7752b787f2a00b2d3c729c4b644e19fce70f3bbe0d82a1fd621623f4f | Triage

Submit
Reports

Overview

overview

Static

static

2025-03-30...ig.exe

windows7-x64

2025-03-30...ig.exe

windows10-2004-x64

Sharing

General

Target

2025-03-30_e759f83e64dcf662b7495c721d80c7ae_aspxspy_black-basta_ezcob_imuler_xmrig
Size

5.7MB
Sample

250330-th6g8svjx3
MD5

e759f83e64dcf662b7495c721d80c7ae
SHA1

1fdf23d021e3f8bc9074173e1be67884ff06acd1
SHA256

f1a1dcc7752b787f2a00b2d3c729c4b644e19fce70f3bbe0d82a1fd621623f4f
SHA512

bdb0751f40c9f0849ecb09623eca96426d77af6f77d9816c61a0569ba7fbb74916a5dd77ca08e102c124368aa94c3b19df5470adfc90ba174318cf4332264b48
SSDEEP

98304:z1ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHr8L:zbBeSFkx

Score

10^/10

xmrig execution miner persistence upx

Static task

static1

miner upx xmrig

4 signatures

Behavioral task

behavioral1

Sample

2025-03-30_e759f83e64dcf662b7495c721d80c7ae_aspxspy_black-basta_ezcob_imuler_xmrig.exe

Resource

win7-20240903-en

xmrig execution miner upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

2025-03-30_e759f83e64dcf662b7495c721d80c7ae_aspxspy_black-basta_ezcob_imuler_xmrig.exe

Resource

win10v2004-20250314-en

xmrig execution miner persistence upx

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Targets

- Target
  
  2025-03-30_e759f83e64dcf662b7495c721d80c7ae_aspxspy_black-basta_ezcob_imuler_xmrig
- Size
  
  5.7MB
- MD5
  
  e759f83e64dcf662b7495c721d80c7ae
- SHA1
  
  1fdf23d021e3f8bc9074173e1be67884ff06acd1
- SHA256
  
  f1a1dcc7752b787f2a00b2d3c729c4b644e19fce70f3bbe0d82a1fd621623f4f
- SHA512
  
  bdb0751f40c9f0849ecb09623eca96426d77af6f77d9816c61a0569ba7fbb74916a5dd77ca08e102c124368aa94c3b19df5470adfc90ba174318cf4332264b48
- SSDEEP
  
  98304:z1ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHr8L:zbBeSFkx
Score

10^/10

xmrig execution miner upx persistence
- Xmrig family
  xmrig
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Blocklisted process makes network request
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Active Setup

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

xmrigexecutionminerupx

behavioral2

xmrigexecutionminerpersistenceupx

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.