xmrig | 3241ac2b39d78ecf4a0b2f986f8a2d590b29efff368d218e63f5ba4739f55850 | Triage

Submit
Reports

Overview

overview

Static

static

3241ac2b39...cs.exe

windows7-x64

3241ac2b39...cs.exe

windows10-2004-x64

Sharing

General

Target

3241ac2b39d78ecf4a0b2f986f8a2d590b29efff368d218e63f5ba4739f55850_NeikiAnalytics.exe
Size

1.3MB
Sample

240701-d2xrfavdrd
MD5

d49fd42f071f5bd9086d3de2298f7640
SHA1

bc8ecd256c186708c9f895681d568742593a90d3
SHA256

3241ac2b39d78ecf4a0b2f986f8a2d590b29efff368d218e63f5ba4739f55850
SHA512

540e2fa3e8565f2fc786d74e0ae00cb35713875f041404fbbb03a33ff51a3d934dccac6dceadb2c79cdb7b91dca3dacc43c9ea5a88e077eb228f7f906e2e2b58
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkyW1HU/ek5Q1szp5NnNvZWNChZvIDxjIy9e/+:Lz071uv4BPMkyW10/w16BvZ49eW

Score

10^/10

xmrig execution miner upx

Static task

static1

upx miner xmrig

4 signatures

Behavioral task

behavioral1

Sample

3241ac2b39d78ecf4a0b2f986f8a2d590b29efff368d218e63f5ba4739f55850_NeikiAnalytics.exe

Resource

win7-20240508-en

xmrig miner upx

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

3241ac2b39d78ecf4a0b2f986f8a2d590b29efff368d218e63f5ba4739f55850_NeikiAnalytics.exe

Resource

win10v2004-20240611-en

xmrig execution miner upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  3241ac2b39d78ecf4a0b2f986f8a2d590b29efff368d218e63f5ba4739f55850_NeikiAnalytics.exe
- Size
  
  1.3MB
- MD5
  
  d49fd42f071f5bd9086d3de2298f7640
- SHA1
  
  bc8ecd256c186708c9f895681d568742593a90d3
- SHA256
  
  3241ac2b39d78ecf4a0b2f986f8a2d590b29efff368d218e63f5ba4739f55850
- SHA512
  
  540e2fa3e8565f2fc786d74e0ae00cb35713875f041404fbbb03a33ff51a3d934dccac6dceadb2c79cdb7b91dca3dacc43c9ea5a88e077eb228f7f906e2e2b58
- SSDEEP
  
  24576:zv3/fTLF671TilQFG4P5PMkyW1HU/ek5Q1szp5NnNvZWNChZvIDxjIy9e/+:Lz071uv4BPMkyW10/w16BvZ49eW
Score

10^/10

xmrig miner upx execution
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

xmrigexecutionminerupx

© 2018-2024

Terms | Privacy