General
-
Target
vers1.bat
-
Size
393B
-
Sample
240625-ts9bwazgmc
-
MD5
ece9925dc634f1cc20e3fd7ff7a144bd
-
SHA1
8816112e72b7b64a668bf7214999d855a7e05bde
-
SHA256
a84009aa12f35d93284297647c2714df7f5b0a04d2e0732c689740920ea1421f
-
SHA512
bf80fdf5fa8c00a0ddb773bed073d33b67bf6189b87b803f6fea7071e49dfdeb86cf2142175d9287fbc7bcfd639c42d848e9331f8bc7e68dacaaa33901432243
Malware Config
Extracted
https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/setup_moneroocean_miner.bat
Extracted
https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.zip
Extracted
https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/nssm.zip
Targets
-
-
Target
vers1.bat
-
Size
393B
-
MD5
ece9925dc634f1cc20e3fd7ff7a144bd
-
SHA1
8816112e72b7b64a668bf7214999d855a7e05bde
-
SHA256
a84009aa12f35d93284297647c2714df7f5b0a04d2e0732c689740920ea1421f
-
SHA512
bf80fdf5fa8c00a0ddb773bed073d33b67bf6189b87b803f6fea7071e49dfdeb86cf2142175d9287fbc7bcfd639c42d848e9331f8bc7e68dacaaa33901432243
Score10/10-
XMRig Miner payload
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
Blocklisted process makes network request
-
Stops running service(s)
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-