xmrig | 377a7cb3e946d8b38c785198b92822a3d48d5d955bf3b8df7352b4db0ff2a17a | Triage

Submit
Reports

Overview

overview

Static

static

377a7cb3e9...7a.exe

windows7-x64

377a7cb3e9...7a.exe

windows10-2004-x64

Sharing

General

Target

377a7cb3e946d8b38c785198b92822a3d48d5d955bf3b8df7352b4db0ff2a17a.exe
Size

1.9MB
Sample

240705-esjznavcnf
MD5

46c26b919894d06904d07694b0f1a560
SHA1

8e712ad44de8ba8112de3a70e5233627470f428f
SHA256

377a7cb3e946d8b38c785198b92822a3d48d5d955bf3b8df7352b4db0ff2a17a
SHA512

f61ac7365173754ce46edd19d07fa87e92facf3c6f25937e53c4124b660ca40f7cf604f21bb25c58d2b8adbd0427379c250fe71bf3b14e6ed56a8ff87c9d0620
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkFfkeMGvGr1t46xKMp6DBvSArT4yXEqU32EaSGN:Lz071uv4BPMkFfdk2af+vP4y0qUnGN

Score

10^/10

xmrig execution miner persistence privilege_escalation upx

Static task

static1

upx miner xmrig

4 signatures

Behavioral task

behavioral1

Sample

377a7cb3e946d8b38c785198b92822a3d48d5d955bf3b8df7352b4db0ff2a17a.exe

Resource

win7-20240221-en

xmrig execution miner persistence privilege_escalation upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

377a7cb3e946d8b38c785198b92822a3d48d5d955bf3b8df7352b4db0ff2a17a.exe

Resource

win10v2004-20240704-en

xmrig execution miner upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  377a7cb3e946d8b38c785198b92822a3d48d5d955bf3b8df7352b4db0ff2a17a.exe
- Size
  
  1.9MB
- MD5
  
  46c26b919894d06904d07694b0f1a560
- SHA1
  
  8e712ad44de8ba8112de3a70e5233627470f428f
- SHA256
  
  377a7cb3e946d8b38c785198b92822a3d48d5d955bf3b8df7352b4db0ff2a17a
- SHA512
  
  f61ac7365173754ce46edd19d07fa87e92facf3c6f25937e53c4124b660ca40f7cf604f21bb25c58d2b8adbd0427379c250fe71bf3b14e6ed56a8ff87c9d0620
- SSDEEP
  
  24576:zv3/fTLF671TilQFG4P5PMkFfkeMGvGr1t46xKMp6DBvSArT4yXEqU32EaSGN:Lz071uv4BPMkFfdk2af+vP4y0qUnGN
Score

10^/10

xmrig execution miner persistence privilege_escalation upx
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Event Triggered Execution

Accessibility Features

Privilege Escalation

Event Triggered Execution

Accessibility Features

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

xmrigexecutionminerpersistenceprivilege_escalationupx

behavioral2

xmrigexecutionminerupx

© 2018-2024

Terms | Privacy