xmrig | 93f7206c22debd87a0ba1fe9714b5439a3838ec85e794abf09d1f402b70c7ad4 | Triage

Submit
Reports

Overview

overview

Static

static

1

run.ps1

windows10-1703-x64

run.ps1

windows10-2004-x64

run.ps1

windows11-21h2-x64

Sharing

General

Target

run.ps1
Size

148B
Sample

240705-g11y9atelq
MD5

875745fc114004987f5921b8b7f632be
SHA1

421f0a88583c5d3b45d9daf71f287184b6ff149d
SHA256

93f7206c22debd87a0ba1fe9714b5439a3838ec85e794abf09d1f402b70c7ad4
SHA512

190dd20b835dc6cc5b9ff3cebf820439f017d964cabebdc9cd0fdb86a9ea169fc45dc1e176f1781c0a109484e245353ba8e02b9c9ffe322dff4e9fb36013ce56

Score

10^/10

xmrig evasion execution miner

Static task

static1

Behavioral task

behavioral1

Sample

run.ps1

Resource

win10-20240404-en

xmrig evasion execution miner

windows10-1703-x64

15 signatures

300 seconds

Behavioral task

behavioral2

Sample

run.ps1

Resource

win10v2004-20240704-en

xmrig evasion execution miner

windows10-2004-x64

15 signatures

300 seconds

Behavioral task

behavioral3

Sample

run.ps1

Resource

win11-20240704-en

xmrig evasion execution miner

windows11-21h2-x64

15 signatures

300 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://185.254.97.190:2024/test.txt

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.zip

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/nssm.zip

Targets

- Target
  
  run.ps1
- Size
  
  148B
- MD5
  
  875745fc114004987f5921b8b7f632be
- SHA1
  
  421f0a88583c5d3b45d9daf71f287184b6ff149d
- SHA256
  
  93f7206c22debd87a0ba1fe9714b5439a3838ec85e794abf09d1f402b70c7ad4
- SHA512
  
  190dd20b835dc6cc5b9ff3cebf820439f017d964cabebdc9cd0fdb86a9ea169fc45dc1e176f1781c0a109484e245353ba8e02b9c9ffe322dff4e9fb36013ce56
Score

10^/10

xmrig evasion execution miner
- XMRig Miner payload
  miner
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- Blocklisted process makes network request
- Stops running service(s)
  evasion execution
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

System Services

Service Execution

Command and Scripting Interpreter

PowerShell

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Service Stop

Resource Development

Reconnaissance

Tasks

static1

behavioral1

xmrigevasionexecutionminer

behavioral2

xmrigevasionexecutionminer

behavioral3

xmrigevasionexecutionminer

© 2018-2024

Terms | Privacy