Overview

overview

10

Static

static

1

tesy1.bat

windows10-1703-x64

10

tesy10.bat

windows10-1703-x64

10

tesy11.bat

windows10-1703-x64

10

tesy12.bat

windows10-1703-x64

10

tesy2.bat

windows10-1703-x64

10

tesy3.bat

windows10-1703-x64

10

tesy4.bat

windows10-1703-x64

10

tesy5.bat

windows10-1703-x64

10

tesy6.bat

windows10-1703-x64

10

tesy7.bat

windows10-1703-x64

10

tesy8.bat

windows10-1703-x64

10

tesy9.bat

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    C.zip

  • Size

    6KB

  • Sample

    230703-3jm7qabh2t

  • MD5

    e46e060d4b21e5b912a9688b734f01f6

  • SHA1

    949cea755fd16092932b621322bef38c4d0c335f

  • SHA256

    8992e6efcf8d972b9cddf644aea8c5ea29cb571c729029727eb08aa72c793c1c

  • SHA512

    0a67f7629396b75a629fa215f98c0d24a059ccf87d8fe15052b6bb6f333484d154333970c61b5ee680585d083c2086a389890a6079b1a99964df75740d7bb08b

  • SSDEEP

    192:wJViJVbJVQJVCJV7JV8JVFJVeJV3JVIJVhJVx:sGrMmLgdKv0Bx

Score
10/10
xmrigminer

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://cdn.nest.rip/uploads/126d1e0b-e170-4964-b710-93ec152ec8c9.zip

Targets

    • Target

      tesy1.bat

    • Size

      700B

    • MD5

      185a2d7bf8c479e47ed8e1ef2cffe6a3

    • SHA1

      810436c92e9eb0c3ef0f6867e938b314f85f43c0

    • SHA256

      e5aaa6de5373b002a54ae2cce47c384f11a80e66b03531b98e8eff1a8dd79581

    • SHA512

      9f1fad5e2a66d6e3d8645ce6c4614fe65ccd169dfa7f78fa3ada228bd543fa7c3dadc384d839d063b66887207897226c57dc62bfb8458ba65614f153791c44bd

    Score
    10/10
    xmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral1

    • Target

      tesy10.bat

    • Size

      700B

    • MD5

      185a2d7bf8c479e47ed8e1ef2cffe6a3

    • SHA1

      810436c92e9eb0c3ef0f6867e938b314f85f43c0

    • SHA256

      e5aaa6de5373b002a54ae2cce47c384f11a80e66b03531b98e8eff1a8dd79581

    • SHA512

      9f1fad5e2a66d6e3d8645ce6c4614fe65ccd169dfa7f78fa3ada228bd543fa7c3dadc384d839d063b66887207897226c57dc62bfb8458ba65614f153791c44bd

    Score
    10/10
    xmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral2

    • Target

      tesy11.bat

    • Size

      700B

    • MD5

      185a2d7bf8c479e47ed8e1ef2cffe6a3

    • SHA1

      810436c92e9eb0c3ef0f6867e938b314f85f43c0

    • SHA256

      e5aaa6de5373b002a54ae2cce47c384f11a80e66b03531b98e8eff1a8dd79581

    • SHA512

      9f1fad5e2a66d6e3d8645ce6c4614fe65ccd169dfa7f78fa3ada228bd543fa7c3dadc384d839d063b66887207897226c57dc62bfb8458ba65614f153791c44bd

    Score
    10/10
    xmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral3

    • Target

      tesy12.bat

    • Size

      700B

    • MD5

      185a2d7bf8c479e47ed8e1ef2cffe6a3

    • SHA1

      810436c92e9eb0c3ef0f6867e938b314f85f43c0

    • SHA256

      e5aaa6de5373b002a54ae2cce47c384f11a80e66b03531b98e8eff1a8dd79581

    • SHA512

      9f1fad5e2a66d6e3d8645ce6c4614fe65ccd169dfa7f78fa3ada228bd543fa7c3dadc384d839d063b66887207897226c57dc62bfb8458ba65614f153791c44bd

    Score
    10/10
    xmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral4

    • Target

      tesy2.bat

    • Size

      700B

    • MD5

      185a2d7bf8c479e47ed8e1ef2cffe6a3

    • SHA1

      810436c92e9eb0c3ef0f6867e938b314f85f43c0

    • SHA256

      e5aaa6de5373b002a54ae2cce47c384f11a80e66b03531b98e8eff1a8dd79581

    • SHA512

      9f1fad5e2a66d6e3d8645ce6c4614fe65ccd169dfa7f78fa3ada228bd543fa7c3dadc384d839d063b66887207897226c57dc62bfb8458ba65614f153791c44bd

    Score
    10/10

    • Blocklisted process makes network request

    behavioral5

    • Target

      tesy3.bat

    • Size

      700B

    • MD5

      185a2d7bf8c479e47ed8e1ef2cffe6a3

    • SHA1

      810436c92e9eb0c3ef0f6867e938b314f85f43c0

    • SHA256

      e5aaa6de5373b002a54ae2cce47c384f11a80e66b03531b98e8eff1a8dd79581

    • SHA512

      9f1fad5e2a66d6e3d8645ce6c4614fe65ccd169dfa7f78fa3ada228bd543fa7c3dadc384d839d063b66887207897226c57dc62bfb8458ba65614f153791c44bd

    Score
    10/10
    xmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral6

    • Target

      tesy4.bat

    • Size

      700B

    • MD5

      185a2d7bf8c479e47ed8e1ef2cffe6a3

    • SHA1

      810436c92e9eb0c3ef0f6867e938b314f85f43c0

    • SHA256

      e5aaa6de5373b002a54ae2cce47c384f11a80e66b03531b98e8eff1a8dd79581

    • SHA512

      9f1fad5e2a66d6e3d8645ce6c4614fe65ccd169dfa7f78fa3ada228bd543fa7c3dadc384d839d063b66887207897226c57dc62bfb8458ba65614f153791c44bd

    Score
    10/10
    xmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral7

    • Target

      tesy5.bat

    • Size

      700B

    • MD5

      185a2d7bf8c479e47ed8e1ef2cffe6a3

    • SHA1

      810436c92e9eb0c3ef0f6867e938b314f85f43c0

    • SHA256

      e5aaa6de5373b002a54ae2cce47c384f11a80e66b03531b98e8eff1a8dd79581

    • SHA512

      9f1fad5e2a66d6e3d8645ce6c4614fe65ccd169dfa7f78fa3ada228bd543fa7c3dadc384d839d063b66887207897226c57dc62bfb8458ba65614f153791c44bd

    Score
    10/10
    xmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral8

    • Target

      tesy6.bat

    • Size

      700B

    • MD5

      185a2d7bf8c479e47ed8e1ef2cffe6a3

    • SHA1

      810436c92e9eb0c3ef0f6867e938b314f85f43c0

    • SHA256

      e5aaa6de5373b002a54ae2cce47c384f11a80e66b03531b98e8eff1a8dd79581

    • SHA512

      9f1fad5e2a66d6e3d8645ce6c4614fe65ccd169dfa7f78fa3ada228bd543fa7c3dadc384d839d063b66887207897226c57dc62bfb8458ba65614f153791c44bd

    Score
    10/10
    xmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral9

    • Target

      tesy7.bat

    • Size

      700B

    • MD5

      185a2d7bf8c479e47ed8e1ef2cffe6a3

    • SHA1

      810436c92e9eb0c3ef0f6867e938b314f85f43c0

    • SHA256

      e5aaa6de5373b002a54ae2cce47c384f11a80e66b03531b98e8eff1a8dd79581

    • SHA512

      9f1fad5e2a66d6e3d8645ce6c4614fe65ccd169dfa7f78fa3ada228bd543fa7c3dadc384d839d063b66887207897226c57dc62bfb8458ba65614f153791c44bd

    Score
    10/10
    xmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral10

    • Target

      tesy8.bat

    • Size

      700B

    • MD5

      185a2d7bf8c479e47ed8e1ef2cffe6a3

    • SHA1

      810436c92e9eb0c3ef0f6867e938b314f85f43c0

    • SHA256

      e5aaa6de5373b002a54ae2cce47c384f11a80e66b03531b98e8eff1a8dd79581

    • SHA512

      9f1fad5e2a66d6e3d8645ce6c4614fe65ccd169dfa7f78fa3ada228bd543fa7c3dadc384d839d063b66887207897226c57dc62bfb8458ba65614f153791c44bd

    Score
    10/10
    xmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral11

    • Target

      tesy9.bat

    • Size

      700B

    • MD5

      185a2d7bf8c479e47ed8e1ef2cffe6a3

    • SHA1

      810436c92e9eb0c3ef0f6867e938b314f85f43c0

    • SHA256

      e5aaa6de5373b002a54ae2cce47c384f11a80e66b03531b98e8eff1a8dd79581

    • SHA512

      9f1fad5e2a66d6e3d8645ce6c4614fe65ccd169dfa7f78fa3ada228bd543fa7c3dadc384d839d063b66887207897226c57dc62bfb8458ba65614f153791c44bd

    Score
    10/10
    xmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral12

MITRE ATT&CK Matrix

Tasks