Overview

overview

10

Static

static

1

script.ps1

windows10-1703-x64

10

script.ps1

windows10-2004-x64

10

script.ps1

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    script.ps1

  • Size

    148B

  • Sample

    240705-eqjacavclb

  • MD5

    aa65eb2fe66fba481e2718e252efe667

  • SHA1

    f2af6ec4b13215dbdfc9bc2e167dfe08e7be4579

  • SHA256

    44fde76cec9761d8e63e4a5908fc0b9e491a8bd1a93e792e637d346a62e1b6cd

  • SHA512

    9898936a9f41239d112c1d085c86fcc840058e7a6347666eef2de61d953d04c9c5cb7ac5825c475d227de1d2d79b2391d0f2e0b1a26006b8e9947b42af90808b

Score
10/10
xmrigevasionexecutionminer

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://185.254.97.190:2024/test.txt

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.zip

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/nssm.zip

Targets

    • Target

      script.ps1

    • Size

      148B

    • MD5

      aa65eb2fe66fba481e2718e252efe667

    • SHA1

      f2af6ec4b13215dbdfc9bc2e167dfe08e7be4579

    • SHA256

      44fde76cec9761d8e63e4a5908fc0b9e491a8bd1a93e792e637d346a62e1b6cd

    • SHA512

      9898936a9f41239d112c1d085c86fcc840058e7a6347666eef2de61d953d04c9c5cb7ac5825c475d227de1d2d79b2391d0f2e0b1a26006b8e9947b42af90808b

    Score
    10/10
    xmrigevasionexecutionminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Stops running service(s)

      evasionexecution

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2behavioral3

MITRE ATT&CK Enterprise v15

Tasks