Overview

overview

10

Static

static

1

tesy - Copy (10).bat

windows10-1703-x64

10

tesy - Copy (11).bat

windows10-1703-x64

10

tesy - Copy (12).bat

windows10-1703-x64

10

tesy - Copy (13).bat

windows10-1703-x64

10

tesy - Copy (14).bat

windows10-1703-x64

10

tesy - Copy (2).bat

windows10-1703-x64

10

tesy - Copy (3).bat

windows10-1703-x64

10

tesy - Copy (4).bat

windows10-1703-x64

10

tesy - Copy (5).bat

windows10-1703-x64

10

tesy - Copy (6).bat

windows10-1703-x64

10

tesy - Copy (7).bat

windows10-1703-x64

10

tesy - Copy (8).bat

windows10-1703-x64

10

tesy - Copy (9).bat

windows10-1703-x64

10

tesy - Copy.bat

windows10-1703-x64

10

tesy.bat

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    test15k.zip

  • Size

    7KB

  • Sample

    231014-fxw1fsgd21

  • MD5

    411d511f4037c79cd97f18f2845e61aa

  • SHA1

    5c6d557703f957f45500a2f0b5dc11259262c84a

  • SHA256

    1f2ddc6098fc1879106e8651c5c3c629104f994272b4fa1a04d67c8a723925ec

  • SHA512

    6147eae428b1af3bd66ff176f3f54d0aa1f979e7d37e7acdf84e550de701bbd0bf137c069841c7cf924cdc0b90099ccd6bf70b19600c4302eb7206114a5ea0b0

  • SSDEEP

    192:8E2ogE2oXE2oGE2olE2oBE2owE2oyEE2oKE2o1E2okE2ofE2ouE2ogE2opE2ol8:LrXr0rpr2rarnryDr1rGrjrMrhrXrSr6

Score
10/10
xmrigminer

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://cdn.nest.rip/uploads/e341541c-6dbc-49ac-8012-0432383c9453.zip

Targets

    • Target

      tesy - Copy (10).bat

    • Size

      702B

    • MD5

      65f016a2abe40d2902c7032438a14bd7

    • SHA1

      b3537668ca1bb826e5085aee38b3f7ec654d606e

    • SHA256

      153b384b64bd371e0236c8497c9706db00cc102f068ea8fd4569d20b3b5a6fd8

    • SHA512

      b52486cdc585277de12287b4b2ab17c9e401bfeaee78555fd6d8760d7954b4e361f6e3ec32e4d694ba2cfa69d3d843d0f192539f0c893500b801c05a13b488f7

    Score
    10/10
    xmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral1

    • Target

      tesy - Copy (11).bat

    • Size

      702B

    • MD5

      65f016a2abe40d2902c7032438a14bd7

    • SHA1

      b3537668ca1bb826e5085aee38b3f7ec654d606e

    • SHA256

      153b384b64bd371e0236c8497c9706db00cc102f068ea8fd4569d20b3b5a6fd8

    • SHA512

      b52486cdc585277de12287b4b2ab17c9e401bfeaee78555fd6d8760d7954b4e361f6e3ec32e4d694ba2cfa69d3d843d0f192539f0c893500b801c05a13b488f7

    Score
    10/10
    xmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral2

    • Target

      tesy - Copy (12).bat

    • Size

      702B

    • MD5

      65f016a2abe40d2902c7032438a14bd7

    • SHA1

      b3537668ca1bb826e5085aee38b3f7ec654d606e

    • SHA256

      153b384b64bd371e0236c8497c9706db00cc102f068ea8fd4569d20b3b5a6fd8

    • SHA512

      b52486cdc585277de12287b4b2ab17c9e401bfeaee78555fd6d8760d7954b4e361f6e3ec32e4d694ba2cfa69d3d843d0f192539f0c893500b801c05a13b488f7

    Score
    10/10
    xmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral3

    • Target

      tesy - Copy (13).bat

    • Size

      702B

    • MD5

      65f016a2abe40d2902c7032438a14bd7

    • SHA1

      b3537668ca1bb826e5085aee38b3f7ec654d606e

    • SHA256

      153b384b64bd371e0236c8497c9706db00cc102f068ea8fd4569d20b3b5a6fd8

    • SHA512

      b52486cdc585277de12287b4b2ab17c9e401bfeaee78555fd6d8760d7954b4e361f6e3ec32e4d694ba2cfa69d3d843d0f192539f0c893500b801c05a13b488f7

    Score
    10/10
    xmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral4

    • Target

      tesy - Copy (14).bat

    • Size

      702B

    • MD5

      65f016a2abe40d2902c7032438a14bd7

    • SHA1

      b3537668ca1bb826e5085aee38b3f7ec654d606e

    • SHA256

      153b384b64bd371e0236c8497c9706db00cc102f068ea8fd4569d20b3b5a6fd8

    • SHA512

      b52486cdc585277de12287b4b2ab17c9e401bfeaee78555fd6d8760d7954b4e361f6e3ec32e4d694ba2cfa69d3d843d0f192539f0c893500b801c05a13b488f7

    Score
    10/10
    xmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral5

    • Target

      tesy - Copy (2).bat

    • Size

      702B

    • MD5

      65f016a2abe40d2902c7032438a14bd7

    • SHA1

      b3537668ca1bb826e5085aee38b3f7ec654d606e

    • SHA256

      153b384b64bd371e0236c8497c9706db00cc102f068ea8fd4569d20b3b5a6fd8

    • SHA512

      b52486cdc585277de12287b4b2ab17c9e401bfeaee78555fd6d8760d7954b4e361f6e3ec32e4d694ba2cfa69d3d843d0f192539f0c893500b801c05a13b488f7

    Score
    10/10
    xmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral6

    • Target

      tesy - Copy (3).bat

    • Size

      702B

    • MD5

      65f016a2abe40d2902c7032438a14bd7

    • SHA1

      b3537668ca1bb826e5085aee38b3f7ec654d606e

    • SHA256

      153b384b64bd371e0236c8497c9706db00cc102f068ea8fd4569d20b3b5a6fd8

    • SHA512

      b52486cdc585277de12287b4b2ab17c9e401bfeaee78555fd6d8760d7954b4e361f6e3ec32e4d694ba2cfa69d3d843d0f192539f0c893500b801c05a13b488f7

    Score
    10/10
    xmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral7

    • Target

      tesy - Copy (4).bat

    • Size

      702B

    • MD5

      65f016a2abe40d2902c7032438a14bd7

    • SHA1

      b3537668ca1bb826e5085aee38b3f7ec654d606e

    • SHA256

      153b384b64bd371e0236c8497c9706db00cc102f068ea8fd4569d20b3b5a6fd8

    • SHA512

      b52486cdc585277de12287b4b2ab17c9e401bfeaee78555fd6d8760d7954b4e361f6e3ec32e4d694ba2cfa69d3d843d0f192539f0c893500b801c05a13b488f7

    Score
    10/10
    xmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral8

    • Target

      tesy - Copy (5).bat

    • Size

      702B

    • MD5

      65f016a2abe40d2902c7032438a14bd7

    • SHA1

      b3537668ca1bb826e5085aee38b3f7ec654d606e

    • SHA256

      153b384b64bd371e0236c8497c9706db00cc102f068ea8fd4569d20b3b5a6fd8

    • SHA512

      b52486cdc585277de12287b4b2ab17c9e401bfeaee78555fd6d8760d7954b4e361f6e3ec32e4d694ba2cfa69d3d843d0f192539f0c893500b801c05a13b488f7

    Score
    10/10
    xmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral9

    • Target

      tesy - Copy (6).bat

    • Size

      702B

    • MD5

      65f016a2abe40d2902c7032438a14bd7

    • SHA1

      b3537668ca1bb826e5085aee38b3f7ec654d606e

    • SHA256

      153b384b64bd371e0236c8497c9706db00cc102f068ea8fd4569d20b3b5a6fd8

    • SHA512

      b52486cdc585277de12287b4b2ab17c9e401bfeaee78555fd6d8760d7954b4e361f6e3ec32e4d694ba2cfa69d3d843d0f192539f0c893500b801c05a13b488f7

    Score
    10/10
    xmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral10

    • Target

      tesy - Copy (7).bat

    • Size

      702B

    • MD5

      65f016a2abe40d2902c7032438a14bd7

    • SHA1

      b3537668ca1bb826e5085aee38b3f7ec654d606e

    • SHA256

      153b384b64bd371e0236c8497c9706db00cc102f068ea8fd4569d20b3b5a6fd8

    • SHA512

      b52486cdc585277de12287b4b2ab17c9e401bfeaee78555fd6d8760d7954b4e361f6e3ec32e4d694ba2cfa69d3d843d0f192539f0c893500b801c05a13b488f7

    Score
    10/10
    xmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral11

    • Target

      tesy - Copy (8).bat

    • Size

      702B

    • MD5

      65f016a2abe40d2902c7032438a14bd7

    • SHA1

      b3537668ca1bb826e5085aee38b3f7ec654d606e

    • SHA256

      153b384b64bd371e0236c8497c9706db00cc102f068ea8fd4569d20b3b5a6fd8

    • SHA512

      b52486cdc585277de12287b4b2ab17c9e401bfeaee78555fd6d8760d7954b4e361f6e3ec32e4d694ba2cfa69d3d843d0f192539f0c893500b801c05a13b488f7

    Score
    10/10
    xmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral12

    • Target

      tesy - Copy (9).bat

    • Size

      702B

    • MD5

      65f016a2abe40d2902c7032438a14bd7

    • SHA1

      b3537668ca1bb826e5085aee38b3f7ec654d606e

    • SHA256

      153b384b64bd371e0236c8497c9706db00cc102f068ea8fd4569d20b3b5a6fd8

    • SHA512

      b52486cdc585277de12287b4b2ab17c9e401bfeaee78555fd6d8760d7954b4e361f6e3ec32e4d694ba2cfa69d3d843d0f192539f0c893500b801c05a13b488f7

    Score
    10/10
    xmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral13

    • Target

      tesy - Copy.bat

    • Size

      702B

    • MD5

      65f016a2abe40d2902c7032438a14bd7

    • SHA1

      b3537668ca1bb826e5085aee38b3f7ec654d606e

    • SHA256

      153b384b64bd371e0236c8497c9706db00cc102f068ea8fd4569d20b3b5a6fd8

    • SHA512

      b52486cdc585277de12287b4b2ab17c9e401bfeaee78555fd6d8760d7954b4e361f6e3ec32e4d694ba2cfa69d3d843d0f192539f0c893500b801c05a13b488f7

    Score
    10/10
    xmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral14

    • Target

      tesy.bat

    • Size

      702B

    • MD5

      65f016a2abe40d2902c7032438a14bd7

    • SHA1

      b3537668ca1bb826e5085aee38b3f7ec654d606e

    • SHA256

      153b384b64bd371e0236c8497c9706db00cc102f068ea8fd4569d20b3b5a6fd8

    • SHA512

      b52486cdc585277de12287b4b2ab17c9e401bfeaee78555fd6d8760d7954b4e361f6e3ec32e4d694ba2cfa69d3d843d0f192539f0c893500b801c05a13b488f7

    Score
    10/10
    xmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral15

MITRE ATT&CK Matrix

Tasks