Overview

overview

10

Static

static

1

target.ps1

windows10-1703-x64

10

target.ps1

windows10-2004-x64

10

target.ps1

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    target.ps1

  • Size

    148B

  • Sample

    240705-g141xatemj

  • MD5

    0a4e407769142a877c1bbb9e539a423d

  • SHA1

    2dad5702e0d50548c40819336a9629ebf305fe86

  • SHA256

    787b88e6df0bb59c95806b2254556af3fb194de8baa62abcade2da6c892dcd52

  • SHA512

    4fe39f9b7daca0de30f23abb78dbdeaa7cff3d4b98f996586f0a7b5b1cfc7e862f6e9e6fdbf37ce6cc36daa14e62e03a6fa979728ff2ae1cbe510c36b5cf3374

Score
10/10
xmrigevasionexecutionminer

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://185.254.97.190:2024/test.txt

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.zip

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/nssm.zip

Targets

    • Target

      target.ps1

    • Size

      148B

    • MD5

      0a4e407769142a877c1bbb9e539a423d

    • SHA1

      2dad5702e0d50548c40819336a9629ebf305fe86

    • SHA256

      787b88e6df0bb59c95806b2254556af3fb194de8baa62abcade2da6c892dcd52

    • SHA512

      4fe39f9b7daca0de30f23abb78dbdeaa7cff3d4b98f996586f0a7b5b1cfc7e862f6e9e6fdbf37ce6cc36daa14e62e03a6fa979728ff2ae1cbe510c36b5cf3374

    Score
    10/10
    xmrigevasionexecutionminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Stops running service(s)

      evasionexecution

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2behavioral3

MITRE ATT&CK Enterprise v15

Tasks