General
Target: 222.bat
Size: 89B
Sample: 211016-krydjscfbj
MD5: 75a4daa4b7e656ded55a6a7865342d04
SHA1: 8e52d1f4dfa6bd9501ba89855b44059bf92f699e
SHA256: 30899cd09dd5df4bfe5242ef5ff17f353ce1fd07a8c762702c1eb4e2ba8bfba1
SHA512: 16fafec07a8ebed3d602c6af50323a2c8e0f784f4d8ccd172d78d935cb7e8a2294a51c02999a04e53efdaf290a5de687cb7654d67f38590eee392431bd7c2334
Static task: static1
Behavioral task: behavioral1
  Sample: 222.bat
  Resource: win7-en-20210920
Behavioral task: behavioral2
  Sample: 222.bat
  Resource: win10-en-20211014
Malware Config
Extracted: http://cat.xiaoshabi.nl/networks.ps1
Targets
Target: 222.bat
Size: 89B
Score: 10/10
Signatures:
- XMRig Miner Payload
- Blocklisted process makes network request
- Executes dropped EXE
- Modifies AppInit DLL entries
- Sets DLL path for service in the registry
- Stops running service(s)
- Loads dropped DLL
- Drops file in System32 directory