xmrig | 81e8b0d967d628a6079f5efefef87cd271f59e13d1d0e31e17200e0b04b98d61 | Triage

Submit
Reports

Overview

overview

Static

static

81e8b0d967...61.exe

windows7-x64

81e8b0d967...61.exe

windows10-2004-x64

Sharing

General

Target

81e8b0d967d628a6079f5efefef87cd271f59e13d1d0e31e17200e0b04b98d61
Size

1.9MB
Sample

240704-3p5c7awdpk
MD5

da8355c054d357854ee225fb3b9b496f
SHA1

485c8a0fc67439f30bd564f4d3cfd1557d50f760
SHA256

81e8b0d967d628a6079f5efefef87cd271f59e13d1d0e31e17200e0b04b98d61
SHA512

205c0bf876ca199948024360f8d3fd10ad6bc15a7de10cd5de5d82591026219f74083b6d599c039b14663fcf20301e0f6af763b142061e9b237595902a19e31b
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkUCCWvLEvjFkTVnfuDPFFWqreoYtgWqabE1y14dMPp:Lz071uv4BPMkHC0IEFTo/abRcNdxWT

Score

10^/10

xmrig execution miner persistence privilege_escalation upx

Static task

static1

upx miner xmrig

4 signatures

Behavioral task

behavioral1

Sample

81e8b0d967d628a6079f5efefef87cd271f59e13d1d0e31e17200e0b04b98d61.exe

Resource

win7-20240704-en

xmrig execution miner persistence privilege_escalation upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

81e8b0d967d628a6079f5efefef87cd271f59e13d1d0e31e17200e0b04b98d61.exe

Resource

win10v2004-20240704-en

xmrig execution miner upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  81e8b0d967d628a6079f5efefef87cd271f59e13d1d0e31e17200e0b04b98d61
- Size
  
  1.9MB
- MD5
  
  da8355c054d357854ee225fb3b9b496f
- SHA1
  
  485c8a0fc67439f30bd564f4d3cfd1557d50f760
- SHA256
  
  81e8b0d967d628a6079f5efefef87cd271f59e13d1d0e31e17200e0b04b98d61
- SHA512
  
  205c0bf876ca199948024360f8d3fd10ad6bc15a7de10cd5de5d82591026219f74083b6d599c039b14663fcf20301e0f6af763b142061e9b237595902a19e31b
- SSDEEP
  
  24576:zv3/fTLF671TilQFG4P5PMkUCCWvLEvjFkTVnfuDPFFWqreoYtgWqabE1y14dMPp:Lz071uv4BPMkHC0IEFTo/abRcNdxWT
Score

10^/10

xmrig execution miner persistence privilege_escalation upx
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Event Triggered Execution

Accessibility Features

Privilege Escalation

Event Triggered Execution

Accessibility Features

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

xmrigexecutionminerpersistenceprivilege_escalationupx

behavioral2

xmrigexecutionminerupx

© 2018-2024

Terms | Privacy