Overview

overview

10

Static

static

1

trigger.ps1

windows10-1703-x64

10

trigger.ps1

windows10-2004-x64

10

trigger.ps1

windows11-21h2-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    trigger.ps1

  • Size

    148B

  • Sample

    240705-nrtl5szerd

  • MD5

    5c83a346dccf035feb252605de22f437

  • SHA1

    9fa30e0c65283ea3b1c3e9e738ff952baee54606

  • SHA256

    783aa303eb647471321b8dab65679e7c615f6aa99af321b5e1171d46eacd5633

  • SHA512

    01b4472e4e0cc44a862fdfe6c1ba8dedbb1ba0488a1165728f5ccad6f4a3ca3dd75808752b1e73a9db3c29d7ccb612b5be2c711f83dd4b6a3d07ce482c9fd462

Score
10/10
xmrigevasionexecutionminer

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://185.254.97.190:2024/test.txt

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.zip

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/nssm.zip

Targets

    • Target

      trigger.ps1

    • Size

      148B

    • MD5

      5c83a346dccf035feb252605de22f437

    • SHA1

      9fa30e0c65283ea3b1c3e9e738ff952baee54606

    • SHA256

      783aa303eb647471321b8dab65679e7c615f6aa99af321b5e1171d46eacd5633

    • SHA512

      01b4472e4e0cc44a862fdfe6c1ba8dedbb1ba0488a1165728f5ccad6f4a3ca3dd75808752b1e73a9db3c29d7ccb612b5be2c711f83dd4b6a3d07ce482c9fd462

    Score
    10/10
    xmrigevasionexecutionminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Stops running service(s)

      evasionexecution

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2behavioral3

MITRE ATT&CK Enterprise v15

Tasks