Overview

overview

10

Static

static

1

tesy - Copy (10).bat

windows10-2004-x64

10

tesy - Copy (11).bat

windows10-2004-x64

10

tesy - Copy (12).bat

windows10-2004-x64

10

tesy - Copy (13).bat

windows10-2004-x64

10

tesy - Copy (14).bat

windows10-2004-x64

10

tesy - Copy (2).bat

windows10-2004-x64

10

tesy - Copy (3).bat

windows10-2004-x64

10

tesy - Copy (4).bat

windows10-2004-x64

10

tesy - Copy (5).bat

windows10-2004-x64

10

tesy - Copy (6).bat

windows10-2004-x64

10

tesy - Copy (7).bat

windows10-2004-x64

10

tesy - Copy (8).bat

windows10-2004-x64

10

tesy - Copy (9).bat

windows10-2004-x64

10

tesy - Copy.bat

windows10-2004-x64

10

tesy.bat

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    test15k2.zip

  • Size

    8KB

  • Sample

    231119-dxl45sgf77

  • MD5

    e5095fd8a247842d03bcc2195bfcf96f

  • SHA1

    46af5182a094fdebf0f5f4faae9d2d11eec11149

  • SHA256

    3113000f470106b98b5a3208266c79213a33567ca7841dd1cfe8ab84847c4eb8

  • SHA512

    8a4c650dfb9bd12fe6e8eca143c755766c2c6a860052c46e9a1baa519ac70d6dc7be315ba9d88b0d0d9fdf0738f7aeffb67a8334202e10b6090d542588eb7497

  • SSDEEP

    192:FErBx2hJrBx2hOrBx2hTrBx2hArBx2hIrBx2hNrBx2h4LrBx2hbrBx2hsrBx2hRt:FoihZiheih3ih0ihMihtih4fihvihgiN

Score
10/10
xmrigminer

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://cdn.nest.rip/uploads/fe8c3030-34d2-4153-bdb3-f0ef0fdd51b2.zip

Targets

    • Target

      tesy - Copy (10).bat

    • Size

      706B

    • MD5

      035f17438f6146d5ac7285b4adfeb370

    • SHA1

      ef83c877367e96073e2b9b841d9c03ece6b1df7e

    • SHA256

      02261a07ff83d906a835ac5229b25595239717e0091f2462804d0a31859bbdc0

    • SHA512

      49455c7edd51537ba92e2db0941f571cd6ad89252702a19cf5910b390b182c16fc970ca62c26582b293ac5fc096e84538c5634472ab6e31bbd29242e8bb816cf

    Score
    10/10
    xmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral1

    • Target

      tesy - Copy (11).bat

    • Size

      706B

    • MD5

      035f17438f6146d5ac7285b4adfeb370

    • SHA1

      ef83c877367e96073e2b9b841d9c03ece6b1df7e

    • SHA256

      02261a07ff83d906a835ac5229b25595239717e0091f2462804d0a31859bbdc0

    • SHA512

      49455c7edd51537ba92e2db0941f571cd6ad89252702a19cf5910b390b182c16fc970ca62c26582b293ac5fc096e84538c5634472ab6e31bbd29242e8bb816cf

    Score
    10/10
    xmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral2

    • Target

      tesy - Copy (12).bat

    • Size

      706B

    • MD5

      035f17438f6146d5ac7285b4adfeb370

    • SHA1

      ef83c877367e96073e2b9b841d9c03ece6b1df7e

    • SHA256

      02261a07ff83d906a835ac5229b25595239717e0091f2462804d0a31859bbdc0

    • SHA512

      49455c7edd51537ba92e2db0941f571cd6ad89252702a19cf5910b390b182c16fc970ca62c26582b293ac5fc096e84538c5634472ab6e31bbd29242e8bb816cf

    Score
    10/10
    xmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral3

    • Target

      tesy - Copy (13).bat

    • Size

      706B

    • MD5

      035f17438f6146d5ac7285b4adfeb370

    • SHA1

      ef83c877367e96073e2b9b841d9c03ece6b1df7e

    • SHA256

      02261a07ff83d906a835ac5229b25595239717e0091f2462804d0a31859bbdc0

    • SHA512

      49455c7edd51537ba92e2db0941f571cd6ad89252702a19cf5910b390b182c16fc970ca62c26582b293ac5fc096e84538c5634472ab6e31bbd29242e8bb816cf

    Score
    10/10
    xmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral4

    • Target

      tesy - Copy (14).bat

    • Size

      706B

    • MD5

      035f17438f6146d5ac7285b4adfeb370

    • SHA1

      ef83c877367e96073e2b9b841d9c03ece6b1df7e

    • SHA256

      02261a07ff83d906a835ac5229b25595239717e0091f2462804d0a31859bbdc0

    • SHA512

      49455c7edd51537ba92e2db0941f571cd6ad89252702a19cf5910b390b182c16fc970ca62c26582b293ac5fc096e84538c5634472ab6e31bbd29242e8bb816cf

    Score
    10/10
    xmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral5

    • Target

      tesy - Copy (2).bat

    • Size

      706B

    • MD5

      035f17438f6146d5ac7285b4adfeb370

    • SHA1

      ef83c877367e96073e2b9b841d9c03ece6b1df7e

    • SHA256

      02261a07ff83d906a835ac5229b25595239717e0091f2462804d0a31859bbdc0

    • SHA512

      49455c7edd51537ba92e2db0941f571cd6ad89252702a19cf5910b390b182c16fc970ca62c26582b293ac5fc096e84538c5634472ab6e31bbd29242e8bb816cf

    Score
    10/10
    xmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral6

    • Target

      tesy - Copy (3).bat

    • Size

      706B

    • MD5

      035f17438f6146d5ac7285b4adfeb370

    • SHA1

      ef83c877367e96073e2b9b841d9c03ece6b1df7e

    • SHA256

      02261a07ff83d906a835ac5229b25595239717e0091f2462804d0a31859bbdc0

    • SHA512

      49455c7edd51537ba92e2db0941f571cd6ad89252702a19cf5910b390b182c16fc970ca62c26582b293ac5fc096e84538c5634472ab6e31bbd29242e8bb816cf

    Score
    10/10
    xmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral7

    • Target

      tesy - Copy (4).bat

    • Size

      706B

    • MD5

      035f17438f6146d5ac7285b4adfeb370

    • SHA1

      ef83c877367e96073e2b9b841d9c03ece6b1df7e

    • SHA256

      02261a07ff83d906a835ac5229b25595239717e0091f2462804d0a31859bbdc0

    • SHA512

      49455c7edd51537ba92e2db0941f571cd6ad89252702a19cf5910b390b182c16fc970ca62c26582b293ac5fc096e84538c5634472ab6e31bbd29242e8bb816cf

    Score
    10/10
    xmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral8

    • Target

      tesy - Copy (5).bat

    • Size

      706B

    • MD5

      035f17438f6146d5ac7285b4adfeb370

    • SHA1

      ef83c877367e96073e2b9b841d9c03ece6b1df7e

    • SHA256

      02261a07ff83d906a835ac5229b25595239717e0091f2462804d0a31859bbdc0

    • SHA512

      49455c7edd51537ba92e2db0941f571cd6ad89252702a19cf5910b390b182c16fc970ca62c26582b293ac5fc096e84538c5634472ab6e31bbd29242e8bb816cf

    Score
    10/10
    xmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral9

    • Target

      tesy - Copy (6).bat

    • Size

      706B

    • MD5

      035f17438f6146d5ac7285b4adfeb370

    • SHA1

      ef83c877367e96073e2b9b841d9c03ece6b1df7e

    • SHA256

      02261a07ff83d906a835ac5229b25595239717e0091f2462804d0a31859bbdc0

    • SHA512

      49455c7edd51537ba92e2db0941f571cd6ad89252702a19cf5910b390b182c16fc970ca62c26582b293ac5fc096e84538c5634472ab6e31bbd29242e8bb816cf

    Score
    10/10
    xmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral10

    • Target

      tesy - Copy (7).bat

    • Size

      706B

    • MD5

      035f17438f6146d5ac7285b4adfeb370

    • SHA1

      ef83c877367e96073e2b9b841d9c03ece6b1df7e

    • SHA256

      02261a07ff83d906a835ac5229b25595239717e0091f2462804d0a31859bbdc0

    • SHA512

      49455c7edd51537ba92e2db0941f571cd6ad89252702a19cf5910b390b182c16fc970ca62c26582b293ac5fc096e84538c5634472ab6e31bbd29242e8bb816cf

    Score
    10/10
    xmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral11

    • Target

      tesy - Copy (8).bat

    • Size

      706B

    • MD5

      035f17438f6146d5ac7285b4adfeb370

    • SHA1

      ef83c877367e96073e2b9b841d9c03ece6b1df7e

    • SHA256

      02261a07ff83d906a835ac5229b25595239717e0091f2462804d0a31859bbdc0

    • SHA512

      49455c7edd51537ba92e2db0941f571cd6ad89252702a19cf5910b390b182c16fc970ca62c26582b293ac5fc096e84538c5634472ab6e31bbd29242e8bb816cf

    Score
    10/10
    xmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral12

    • Target

      tesy - Copy (9).bat

    • Size

      706B

    • MD5

      035f17438f6146d5ac7285b4adfeb370

    • SHA1

      ef83c877367e96073e2b9b841d9c03ece6b1df7e

    • SHA256

      02261a07ff83d906a835ac5229b25595239717e0091f2462804d0a31859bbdc0

    • SHA512

      49455c7edd51537ba92e2db0941f571cd6ad89252702a19cf5910b390b182c16fc970ca62c26582b293ac5fc096e84538c5634472ab6e31bbd29242e8bb816cf

    Score
    10/10
    xmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral13

    • Target

      tesy - Copy.bat

    • Size

      706B

    • MD5

      035f17438f6146d5ac7285b4adfeb370

    • SHA1

      ef83c877367e96073e2b9b841d9c03ece6b1df7e

    • SHA256

      02261a07ff83d906a835ac5229b25595239717e0091f2462804d0a31859bbdc0

    • SHA512

      49455c7edd51537ba92e2db0941f571cd6ad89252702a19cf5910b390b182c16fc970ca62c26582b293ac5fc096e84538c5634472ab6e31bbd29242e8bb816cf

    Score
    10/10
    xmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral14

    • Target

      tesy.bat

    • Size

      706B

    • MD5

      035f17438f6146d5ac7285b4adfeb370

    • SHA1

      ef83c877367e96073e2b9b841d9c03ece6b1df7e

    • SHA256

      02261a07ff83d906a835ac5229b25595239717e0091f2462804d0a31859bbdc0

    • SHA512

      49455c7edd51537ba92e2db0941f571cd6ad89252702a19cf5910b390b182c16fc970ca62c26582b293ac5fc096e84538c5634472ab6e31bbd29242e8bb816cf

    Score
    10/10
    xmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral15

MITRE ATT&CK Matrix

Tasks