General

  • Target

    miner.bat

  • Size

    169B

  • Sample

    240607-ttzh3aba3z

  • MD5

    abfbeeced32bf0a03b8b0ceeea21e771

  • SHA1

    ccf3673a38497264821bfe9d67a97cc8af444915

  • SHA256

    c2d6f3cf4a462b03e9d0db53f41cee7ab3ec7ee6045492f52851392d874c609e

  • SHA512

    f2fb9f61d5f420271ab531e5b3829a1646a00b8a116a8759a4a88709d227f409e7545166284ad4a4cc0e0eac28473e633caee697d2432b412a63504bb404fa03

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (exe.dropper)

    https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.zip

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (exe.dropper)

    https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/nssm.zip

Targets

    • Target

      miner.bat

    • XMRig Miner payload

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • Blocklisted process makes network request

    • Stops running service(s)

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2
