Overview

overview

10

Static

static

1

trigger.ps1

windows10-1703-x64

10

trigger.ps1

windows10-2004-x64

10

trigger.ps1

windows11-21h2-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    trigger.ps1

  • Size

    148B

  • Sample

    240704-3xlaaawgmq

  • MD5

    f894b24ca3109bdc8167d849a1e19660

  • SHA1

    5d295d603c423498aa3c80fcd35e328df13fd7fc

  • SHA256

    e68ae28adfa6a3fb898e890520e0c3eda33dbbe071d5503b4eeb440c93cd538a

  • SHA512

    0b8ee8cc214b559e79a6c0029ac2cd4df6a8c5a8dc22f756632bbdacee996cca023a20944e8a0117ba285ddd201c128a9184ab57210f0dd6e4c2a7eddb108ee9

Score
10/10
xmrigevasionexecutionminer

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://185.254.97.190:2024/test.txt

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.zip

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/nssm.zip

Targets

    • Target

      trigger.ps1

    • Size

      148B

    • MD5

      f894b24ca3109bdc8167d849a1e19660

    • SHA1

      5d295d603c423498aa3c80fcd35e328df13fd7fc

    • SHA256

      e68ae28adfa6a3fb898e890520e0c3eda33dbbe071d5503b4eeb440c93cd538a

    • SHA512

      0b8ee8cc214b559e79a6c0029ac2cd4df6a8c5a8dc22f756632bbdacee996cca023a20944e8a0117ba285ddd201c128a9184ab57210f0dd6e4c2a7eddb108ee9

    Score
    10/10
    xmrigevasionexecutionminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Stops running service(s)

      evasionexecution

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2behavioral3

MITRE ATT&CK Enterprise v15

Tasks