Overview

overview

10

Static

static

1

1.bat

windows7-x64

10

1.bat

windows10-2004-x64

10

10.bat

windows7-x64

10

10.bat

windows10-2004-x64

10

11.bat

windows7-x64

10

11.bat

windows10-2004-x64

10

12.bat

windows7-x64

10

12.bat

windows10-2004-x64

10

13.bat

windows7-x64

10

13.bat

windows10-2004-x64

10

14.bat

windows7-x64

10

14.bat

windows10-2004-x64

10

15.bat

windows7-x64

10

15.bat

windows10-2004-x64

10

2.bat

windows7-x64

10

2.bat

windows10-2004-x64

10

3.bat

windows7-x64

10

3.bat

windows10-2004-x64

10

4.bat

windows7-x64

10

4.bat

windows10-2004-x64

10

5.bat

windows7-x64

10

5.bat

windows10-2004-x64

10

6.bat

windows7-x64

10

6.bat

windows10-2004-x64

10

7.bat

windows7-x64

10

7.bat

windows10-2004-x64

10

8.bat

windows7-x64

10

8.bat

windows10-2004-x64

10

9.bat

windows7-x64

10

9.bat

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    15.zip

  • Size

    7KB

  • Sample

    240522-dd5r5sac2s

  • MD5

    cb41c2ed31a720dec2665ca0d280ac60

  • SHA1

    61c4bbc7aa9fa2c1197ed4f5c91e173b5a3a690d

  • SHA256

    c0768ace239b9f133dfbb33d830ff9bf0580b167e2a6b0f015950f7aa2b1f768

  • SHA512

    d0c9aa805b12dd2bb869c954cbcde07360f785e7bb486acdd18045724d61a38dbce5fe211bd90b576bd51f410701b69e9c73ba47edd8b3a1ae503a9b91672119

  • SSDEEP

    192:IhDcGhDc3hDcwhDcxhDcShDcjhDc+hDcvhDcUhDcVhDcqhDc7hDcwhDcxhDcSn:dDiF0fe7aZoXWF0Sn

Score
10/10
xmrigexecutionminer

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://github.com/xmrig/xmrig/releases/download/v6.21.3/xmrig-6.21.3-msvc-win64.zip

Targets

    • Target

      1.bat

    • Size

      599B

    • MD5

      798b979417aa88e5323ead9be2d8425c

    • SHA1

      a54c5133c71afddf697f302b36bdb930c72852ce

    • SHA256

      f83d724987f9f4a0843c0b0abd01f3f5ceccbc8e7babad76c2639e1bef2fee07

    • SHA512

      a4f2ff598bc26b5ee7778b34b34aafd20e43f714c5f841b9fe73cdc6e1c3e47e44ffb94ff06ccd7dd263116201ff6754c956c1ea8f588acf6927f35446b5036b

    Score
    10/10
    executionxmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral1behavioral2

    • Target

      10.bat

    • Size

      599B

    • MD5

      798b979417aa88e5323ead9be2d8425c

    • SHA1

      a54c5133c71afddf697f302b36bdb930c72852ce

    • SHA256

      f83d724987f9f4a0843c0b0abd01f3f5ceccbc8e7babad76c2639e1bef2fee07

    • SHA512

      a4f2ff598bc26b5ee7778b34b34aafd20e43f714c5f841b9fe73cdc6e1c3e47e44ffb94ff06ccd7dd263116201ff6754c956c1ea8f588acf6927f35446b5036b

    Score
    10/10
    executionxmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral3behavioral4

    • Target

      11.bat

    • Size

      599B

    • MD5

      798b979417aa88e5323ead9be2d8425c

    • SHA1

      a54c5133c71afddf697f302b36bdb930c72852ce

    • SHA256

      f83d724987f9f4a0843c0b0abd01f3f5ceccbc8e7babad76c2639e1bef2fee07

    • SHA512

      a4f2ff598bc26b5ee7778b34b34aafd20e43f714c5f841b9fe73cdc6e1c3e47e44ffb94ff06ccd7dd263116201ff6754c956c1ea8f588acf6927f35446b5036b

    Score
    10/10
    executionxmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral5behavioral6

    • Target

      12.bat

    • Size

      599B

    • MD5

      798b979417aa88e5323ead9be2d8425c

    • SHA1

      a54c5133c71afddf697f302b36bdb930c72852ce

    • SHA256

      f83d724987f9f4a0843c0b0abd01f3f5ceccbc8e7babad76c2639e1bef2fee07

    • SHA512

      a4f2ff598bc26b5ee7778b34b34aafd20e43f714c5f841b9fe73cdc6e1c3e47e44ffb94ff06ccd7dd263116201ff6754c956c1ea8f588acf6927f35446b5036b

    Score
    10/10
    executionxmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral7behavioral8

    • Target

      13.bat

    • Size

      599B

    • MD5

      798b979417aa88e5323ead9be2d8425c

    • SHA1

      a54c5133c71afddf697f302b36bdb930c72852ce

    • SHA256

      f83d724987f9f4a0843c0b0abd01f3f5ceccbc8e7babad76c2639e1bef2fee07

    • SHA512

      a4f2ff598bc26b5ee7778b34b34aafd20e43f714c5f841b9fe73cdc6e1c3e47e44ffb94ff06ccd7dd263116201ff6754c956c1ea8f588acf6927f35446b5036b

    Score
    10/10
    xmrigexecutionminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral10behavioral9

    • Target

      14.bat

    • Size

      599B

    • MD5

      798b979417aa88e5323ead9be2d8425c

    • SHA1

      a54c5133c71afddf697f302b36bdb930c72852ce

    • SHA256

      f83d724987f9f4a0843c0b0abd01f3f5ceccbc8e7babad76c2639e1bef2fee07

    • SHA512

      a4f2ff598bc26b5ee7778b34b34aafd20e43f714c5f841b9fe73cdc6e1c3e47e44ffb94ff06ccd7dd263116201ff6754c956c1ea8f588acf6927f35446b5036b

    Score
    10/10
    executionxmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral11behavioral12

    • Target

      15.bat

    • Size

      599B

    • MD5

      798b979417aa88e5323ead9be2d8425c

    • SHA1

      a54c5133c71afddf697f302b36bdb930c72852ce

    • SHA256

      f83d724987f9f4a0843c0b0abd01f3f5ceccbc8e7babad76c2639e1bef2fee07

    • SHA512

      a4f2ff598bc26b5ee7778b34b34aafd20e43f714c5f841b9fe73cdc6e1c3e47e44ffb94ff06ccd7dd263116201ff6754c956c1ea8f588acf6927f35446b5036b

    Score
    10/10
    executionxmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral13behavioral14

    • Target

      2.bat

    • Size

      599B

    • MD5

      798b979417aa88e5323ead9be2d8425c

    • SHA1

      a54c5133c71afddf697f302b36bdb930c72852ce

    • SHA256

      f83d724987f9f4a0843c0b0abd01f3f5ceccbc8e7babad76c2639e1bef2fee07

    • SHA512

      a4f2ff598bc26b5ee7778b34b34aafd20e43f714c5f841b9fe73cdc6e1c3e47e44ffb94ff06ccd7dd263116201ff6754c956c1ea8f588acf6927f35446b5036b

    Score
    10/10
    executionxmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral15behavioral16

    • Target

      3.bat

    • Size

      599B

    • MD5

      798b979417aa88e5323ead9be2d8425c

    • SHA1

      a54c5133c71afddf697f302b36bdb930c72852ce

    • SHA256

      f83d724987f9f4a0843c0b0abd01f3f5ceccbc8e7babad76c2639e1bef2fee07

    • SHA512

      a4f2ff598bc26b5ee7778b34b34aafd20e43f714c5f841b9fe73cdc6e1c3e47e44ffb94ff06ccd7dd263116201ff6754c956c1ea8f588acf6927f35446b5036b

    Score
    10/10
    executionxmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral17behavioral18

    • Target

      4.bat

    • Size

      599B

    • MD5

      798b979417aa88e5323ead9be2d8425c

    • SHA1

      a54c5133c71afddf697f302b36bdb930c72852ce

    • SHA256

      f83d724987f9f4a0843c0b0abd01f3f5ceccbc8e7babad76c2639e1bef2fee07

    • SHA512

      a4f2ff598bc26b5ee7778b34b34aafd20e43f714c5f841b9fe73cdc6e1c3e47e44ffb94ff06ccd7dd263116201ff6754c956c1ea8f588acf6927f35446b5036b

    Score
    10/10
    executionxmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral19behavioral20

    • Target

      5.bat

    • Size

      599B

    • MD5

      798b979417aa88e5323ead9be2d8425c

    • SHA1

      a54c5133c71afddf697f302b36bdb930c72852ce

    • SHA256

      f83d724987f9f4a0843c0b0abd01f3f5ceccbc8e7babad76c2639e1bef2fee07

    • SHA512

      a4f2ff598bc26b5ee7778b34b34aafd20e43f714c5f841b9fe73cdc6e1c3e47e44ffb94ff06ccd7dd263116201ff6754c956c1ea8f588acf6927f35446b5036b

    Score
    10/10
    executionxmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral21behavioral22

    • Target

      6.bat

    • Size

      599B

    • MD5

      798b979417aa88e5323ead9be2d8425c

    • SHA1

      a54c5133c71afddf697f302b36bdb930c72852ce

    • SHA256

      f83d724987f9f4a0843c0b0abd01f3f5ceccbc8e7babad76c2639e1bef2fee07

    • SHA512

      a4f2ff598bc26b5ee7778b34b34aafd20e43f714c5f841b9fe73cdc6e1c3e47e44ffb94ff06ccd7dd263116201ff6754c956c1ea8f588acf6927f35446b5036b

    Score
    10/10
    executionxmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral23behavioral24

    • Target

      7.bat

    • Size

      599B

    • MD5

      798b979417aa88e5323ead9be2d8425c

    • SHA1

      a54c5133c71afddf697f302b36bdb930c72852ce

    • SHA256

      f83d724987f9f4a0843c0b0abd01f3f5ceccbc8e7babad76c2639e1bef2fee07

    • SHA512

      a4f2ff598bc26b5ee7778b34b34aafd20e43f714c5f841b9fe73cdc6e1c3e47e44ffb94ff06ccd7dd263116201ff6754c956c1ea8f588acf6927f35446b5036b

    Score
    10/10
    executionxmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral25behavioral26

    • Target

      8.bat

    • Size

      599B

    • MD5

      798b979417aa88e5323ead9be2d8425c

    • SHA1

      a54c5133c71afddf697f302b36bdb930c72852ce

    • SHA256

      f83d724987f9f4a0843c0b0abd01f3f5ceccbc8e7babad76c2639e1bef2fee07

    • SHA512

      a4f2ff598bc26b5ee7778b34b34aafd20e43f714c5f841b9fe73cdc6e1c3e47e44ffb94ff06ccd7dd263116201ff6754c956c1ea8f588acf6927f35446b5036b

    Score
    10/10
    executionxmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral27behavioral28

    • Target

      9.bat

    • Size

      599B

    • MD5

      798b979417aa88e5323ead9be2d8425c

    • SHA1

      a54c5133c71afddf697f302b36bdb930c72852ce

    • SHA256

      f83d724987f9f4a0843c0b0abd01f3f5ceccbc8e7babad76c2639e1bef2fee07

    • SHA512

      a4f2ff598bc26b5ee7778b34b34aafd20e43f714c5f841b9fe73cdc6e1c3e47e44ffb94ff06ccd7dd263116201ff6754c956c1ea8f588acf6927f35446b5036b

    Score
    10/10
    executionxmrigminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral29behavioral30

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
1/10

behavioral1

execution
Score
10/10

behavioral2

xmrigexecutionminer
Score
10/10

behavioral3

execution
Score
10/10

behavioral4

xmrigexecutionminer
Score
10/10

behavioral5

execution
Score
10/10

behavioral6

xmrigexecutionminer
Score
10/10

behavioral7

execution
Score
10/10

behavioral8

xmrigexecutionminer
Score
10/10

behavioral9

execution
Score
10/10

behavioral10

xmrigexecutionminer
Score
10/10

behavioral11

execution
Score
10/10

behavioral12

xmrigexecutionminer
Score
10/10

behavioral13

execution
Score
10/10

behavioral14

xmrigexecutionminer
Score
10/10

behavioral15

execution
Score
10/10

behavioral16

xmrigexecutionminer
Score
10/10

behavioral17

execution
Score
10/10

behavioral18

xmrigexecutionminer
Score
10/10

behavioral19

execution
Score
10/10

behavioral20

xmrigexecutionminer
Score
10/10

behavioral21

execution
Score
10/10

behavioral22

xmrigexecutionminer
Score
10/10

behavioral23

execution
Score
10/10

behavioral24

xmrigexecutionminer
Score
10/10

behavioral25

execution
Score
10/10

behavioral26

xmrigexecutionminer
Score
10/10

behavioral27

execution
Score
10/10

behavioral28

xmrigexecutionminer
Score
10/10

behavioral29

execution
Score
10/10

behavioral30

xmrigexecutionminer
Score
10/10