General
Target: a.ps1
Size: 8KB
Sample: 210507-1yvk98xg3x
MD5: 5999be483bae2a132bc4554620e37cfc
SHA1: bbd9c4dd37b2cd310618ab5f0e5fa56d66ee69aa
SHA256: 608538fcefef29626896925675428811db363e0870f193d253bd7319d264ca7f
SHA512: 50f507f08e64b171da7f725a6bed7ccc0def006e6da0f3ac97feeb7323ffd699b0228cc1fb7c7c897db90762686a559a5c803373d7eedb61f635c20d0ee253fa

Static task: static1

Malware Config
Extracted:
- http://127.0.0.1:43669/1/summary
- http://d.qq8.ag
- http://t.ntele.net
Extracted:
- http://t.ntele.net

Targets
- XMRig Miner Payload
- Blocklisted process makes network request
- Executes dropped EXE
- Stops running service(s)
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory