Overview

overview

10

Static

static

1

1.bat

windows7-x64

10

1.bat

windows10-2004-x64

10

10.bat

windows7-x64

10

10.bat

windows10-2004-x64

10

11.bat

windows7-x64

10

11.bat

windows10-2004-x64

10

12.bat

windows7-x64

10

12.bat

windows10-2004-x64

10

13.bat

windows7-x64

10

13.bat

windows10-2004-x64

10

14.bat

windows7-x64

10

14.bat

windows10-2004-x64

10

15.bat

windows7-x64

10

15.bat

windows10-2004-x64

10

2.bat

windows7-x64

10

2.bat

windows10-2004-x64

10

3.bat

windows7-x64

10

3.bat

windows10-2004-x64

10

4.bat

windows7-x64

10

4.bat

windows10-2004-x64

10

5.bat

windows7-x64

10

5.bat

windows10-2004-x64

10

6.bat

windows7-x64

10

6.bat

windows10-2004-x64

10

7.bat

windows7-x64

10

7.bat

windows10-2004-x64

10

8.bat

windows7-x64

10

8.bat

windows10-2004-x64

10

9.bat

windows7-x64

10

9.bat

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    15.zip

  • Size

    7KB

  • Sample

    240522-dd5r5sac2s

  • MD5

    cb41c2ed31a720dec2665ca0d280ac60

  • SHA1

    61c4bbc7aa9fa2c1197ed4f5c91e173b5a3a690d

  • SHA256

    c0768ace239b9f133dfbb33d830ff9bf0580b167e2a6b0f015950f7aa2b1f768

  • SHA512

    d0c9aa805b12dd2bb869c954cbcde07360f785e7bb486acdd18045724d61a38dbce5fe211bd90b576bd51f410701b69e9c73ba47edd8b3a1ae503a9b91672119

  • SSDEEP

    192:IhDcGhDc3hDcwhDcxhDcShDcjhDc+hDcvhDcUhDcVhDcqhDc7hDcwhDcxhDcSn:dDiF0fe7aZoXWF0Sn

Score
10/10
xmrigexecutionminer

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://github.com/xmrig/xmrig/releases/download/v6.21.3/xmrig-6.21.3-msvc-win64.zip

Targets

    • Target

      1.bat

    • Size

      599B

    • MD5

      798b979417aa88e5323ead9be2d8425c

    • SHA1

      a54c5133c71afddf697f302b36bdb930c72852ce

    • SHA256

      f83d724987f9f4a0843c0b0abd01f3f5ceccbc8e7babad76c2639e1bef2fee07

    • SHA512

      a4f2ff598bc26b5ee7778b34b34aafd20e43f714c5f841b9fe73cdc6e1c3e47e44ffb94ff06ccd7dd263116201ff6754c956c1ea8f588acf6927f35446b5036b

    Score
    10/10
    executionxmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral1behavioral2

    • Target

      10.bat

    • Size

      599B

    • MD5

      798b979417aa88e5323ead9be2d8425c

    • SHA1

      a54c5133c71afddf697f302b36bdb930c72852ce

    • SHA256

      f83d724987f9f4a0843c0b0abd01f3f5ceccbc8e7babad76c2639e1bef2fee07

    • SHA512

      a4f2ff598bc26b5ee7778b34b34aafd20e43f714c5f841b9fe73cdc6e1c3e47e44ffb94ff06ccd7dd263116201ff6754c956c1ea8f588acf6927f35446b5036b

    Score
    10/10
    executionxmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral3behavioral4

    • Target

      11.bat

    • Size

      599B

    • MD5

      798b979417aa88e5323ead9be2d8425c

    • SHA1

      a54c5133c71afddf697f302b36bdb930c72852ce

    • SHA256

      f83d724987f9f4a0843c0b0abd01f3f5ceccbc8e7babad76c2639e1bef2fee07

    • SHA512

      a4f2ff598bc26b5ee7778b34b34aafd20e43f714c5f841b9fe73cdc6e1c3e47e44ffb94ff06ccd7dd263116201ff6754c956c1ea8f588acf6927f35446b5036b

    Score
    10/10
    executionxmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral5behavioral6

    • Target

      12.bat

    • Size

      599B

    • MD5

      798b979417aa88e5323ead9be2d8425c

    • SHA1

      a54c5133c71afddf697f302b36bdb930c72852ce

    • SHA256

      f83d724987f9f4a0843c0b0abd01f3f5ceccbc8e7babad76c2639e1bef2fee07

    • SHA512

      a4f2ff598bc26b5ee7778b34b34aafd20e43f714c5f841b9fe73cdc6e1c3e47e44ffb94ff06ccd7dd263116201ff6754c956c1ea8f588acf6927f35446b5036b

    Score
    10/10
    executionxmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral7behavioral8

    • Target

      13.bat

    • Size

      599B

    • MD5

      798b979417aa88e5323ead9be2d8425c

    • SHA1

      a54c5133c71afddf697f302b36bdb930c72852ce

    • SHA256

      f83d724987f9f4a0843c0b0abd01f3f5ceccbc8e7babad76c2639e1bef2fee07

    • SHA512

      a4f2ff598bc26b5ee7778b34b34aafd20e43f714c5f841b9fe73cdc6e1c3e47e44ffb94ff06ccd7dd263116201ff6754c956c1ea8f588acf6927f35446b5036b

    Score
    10/10
    xmrigexecutionminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral10behavioral9

    • Target

      14.bat

    • Size

      599B

    • MD5

      798b979417aa88e5323ead9be2d8425c

    • SHA1

      a54c5133c71afddf697f302b36bdb930c72852ce

    • SHA256

      f83d724987f9f4a0843c0b0abd01f3f5ceccbc8e7babad76c2639e1bef2fee07

    • SHA512

      a4f2ff598bc26b5ee7778b34b34aafd20e43f714c5f841b9fe73cdc6e1c3e47e44ffb94ff06ccd7dd263116201ff6754c956c1ea8f588acf6927f35446b5036b

    Score
    10/10
    executionxmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral11behavioral12

    • Target

      15.bat

    • Size

      599B

    • MD5

      798b979417aa88e5323ead9be2d8425c

    • SHA1

      a54c5133c71afddf697f302b36bdb930c72852ce

    • SHA256

      f83d724987f9f4a0843c0b0abd01f3f5ceccbc8e7babad76c2639e1bef2fee07

    • SHA512

      a4f2ff598bc26b5ee7778b34b34aafd20e43f714c5f841b9fe73cdc6e1c3e47e44ffb94ff06ccd7dd263116201ff6754c956c1ea8f588acf6927f35446b5036b

    Score
    10/10
    executionxmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral13behavioral14

    • Target

      2.bat

    • Size

      599B

    • MD5

      798b979417aa88e5323ead9be2d8425c

    • SHA1

      a54c5133c71afddf697f302b36bdb930c72852ce

    • SHA256

      f83d724987f9f4a0843c0b0abd01f3f5ceccbc8e7babad76c2639e1bef2fee07

    • SHA512

      a4f2ff598bc26b5ee7778b34b34aafd20e43f714c5f841b9fe73cdc6e1c3e47e44ffb94ff06ccd7dd263116201ff6754c956c1ea8f588acf6927f35446b5036b

    Score
    10/10
    executionxmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral15behavioral16

    • Target

      3.bat

    • Size

      599B

    • MD5

      798b979417aa88e5323ead9be2d8425c

    • SHA1

      a54c5133c71afddf697f302b36bdb930c72852ce

    • SHA256

      f83d724987f9f4a0843c0b0abd01f3f5ceccbc8e7babad76c2639e1bef2fee07

    • SHA512

      a4f2ff598bc26b5ee7778b34b34aafd20e43f714c5f841b9fe73cdc6e1c3e47e44ffb94ff06ccd7dd263116201ff6754c956c1ea8f588acf6927f35446b5036b

    Score
    10/10
    executionxmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral17behavioral18

    • Target

      4.bat

    • Size

      599B

    • MD5

      798b979417aa88e5323ead9be2d8425c

    • SHA1

      a54c5133c71afddf697f302b36bdb930c72852ce

    • SHA256

      f83d724987f9f4a0843c0b0abd01f3f5ceccbc8e7babad76c2639e1bef2fee07

    • SHA512

      a4f2ff598bc26b5ee7778b34b34aafd20e43f714c5f841b9fe73cdc6e1c3e47e44ffb94ff06ccd7dd263116201ff6754c956c1ea8f588acf6927f35446b5036b

    Score
    10/10
    executionxmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral19behavioral20

    • Target

      5.bat

    • Size

      599B

    • MD5

      798b979417aa88e5323ead9be2d8425c

    • SHA1

      a54c5133c71afddf697f302b36bdb930c72852ce

    • SHA256

      f83d724987f9f4a0843c0b0abd01f3f5ceccbc8e7babad76c2639e1bef2fee07

    • SHA512

      a4f2ff598bc26b5ee7778b34b34aafd20e43f714c5f841b9fe73cdc6e1c3e47e44ffb94ff06ccd7dd263116201ff6754c956c1ea8f588acf6927f35446b5036b

    Score
    10/10
    executionxmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral21behavioral22

    • Target

      6.bat

    • Size

      599B

    • MD5

      798b979417aa88e5323ead9be2d8425c

    • SHA1

      a54c5133c71afddf697f302b36bdb930c72852ce

    • SHA256

      f83d724987f9f4a0843c0b0abd01f3f5ceccbc8e7babad76c2639e1bef2fee07

    • SHA512

      a4f2ff598bc26b5ee7778b34b34aafd20e43f714c5f841b9fe73cdc6e1c3e47e44ffb94ff06ccd7dd263116201ff6754c956c1ea8f588acf6927f35446b5036b

    Score
    10/10
    executionxmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral23behavioral24

    • Target

      7.bat

    • Size

      599B

    • MD5

      798b979417aa88e5323ead9be2d8425c

    • SHA1

      a54c5133c71afddf697f302b36bdb930c72852ce

    • SHA256

      f83d724987f9f4a0843c0b0abd01f3f5ceccbc8e7babad76c2639e1bef2fee07

    • SHA512

      a4f2ff598bc26b5ee7778b34b34aafd20e43f714c5f841b9fe73cdc6e1c3e47e44ffb94ff06ccd7dd263116201ff6754c956c1ea8f588acf6927f35446b5036b

    Score
    10/10
    executionxmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral25behavioral26

    • Target

      8.bat

    • Size

      599B

    • MD5

      798b979417aa88e5323ead9be2d8425c

    • SHA1

      a54c5133c71afddf697f302b36bdb930c72852ce

    • SHA256

      f83d724987f9f4a0843c0b0abd01f3f5ceccbc8e7babad76c2639e1bef2fee07

    • SHA512

      a4f2ff598bc26b5ee7778b34b34aafd20e43f714c5f841b9fe73cdc6e1c3e47e44ffb94ff06ccd7dd263116201ff6754c956c1ea8f588acf6927f35446b5036b

    Score
    10/10
    executionxmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral27behavioral28

    • Target

      9.bat

    • Size

      599B

    • MD5

      798b979417aa88e5323ead9be2d8425c

    • SHA1

      a54c5133c71afddf697f302b36bdb930c72852ce

    • SHA256

      f83d724987f9f4a0843c0b0abd01f3f5ceccbc8e7babad76c2639e1bef2fee07

    • SHA512

      a4f2ff598bc26b5ee7778b34b34aafd20e43f714c5f841b9fe73cdc6e1c3e47e44ffb94ff06ccd7dd263116201ff6754c956c1ea8f588acf6927f35446b5036b

    Score
    10/10
    executionxmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral29behavioral30

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

15
T1059

PowerShell

15
T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

Score
1/10

behavioral1

execution
Score
10/10

behavioral2

xmrigexecutionminer
Score
10/10

behavioral3

execution
Score
10/10

behavioral4

xmrigexecutionminer
Score
10/10

behavioral5

execution
Score
10/10

behavioral6

xmrigexecutionminer
Score
10/10

behavioral7

execution
Score
10/10

behavioral8

xmrigexecutionminer
Score
10/10

behavioral9

execution
Score
10/10

behavioral10

xmrigexecutionminer
Score
10/10

behavioral11

execution
Score
10/10

behavioral12

xmrigexecutionminer
Score
10/10

behavioral13

execution
Score
10/10

behavioral14

xmrigexecutionminer
Score
10/10

behavioral15

execution
Score
10/10

behavioral16

xmrigexecutionminer
Score
10/10

behavioral17

execution
Score
10/10

behavioral18

xmrigexecutionminer
Score
10/10

behavioral19

execution
Score
10/10

behavioral20

xmrigexecutionminer
Score
10/10

behavioral21

execution
Score
10/10

behavioral22

xmrigexecutionminer
Score
10/10

behavioral23

execution
Score
10/10

behavioral24

xmrigexecutionminer
Score
10/10

behavioral25

execution
Score
10/10

behavioral26

xmrigexecutionminer
Score
10/10

behavioral27

execution
Score
10/10

behavioral28

xmrigexecutionminer
Score
10/10

behavioral29

execution
Score
10/10

behavioral30

xmrigexecutionminer
Score
10/10