Overview

overview

10

Static

static

1

.bat

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    .bat

  • Size

    406B

  • Sample

    241117-m6144axqex

  • MD5

    8a999fb795bb0f9712f636cd512d2369

  • SHA1

    993d13dec1223fb8109f2e0e68e77de12ea26269

  • SHA256

    1d5778d0a8fe83da7b01513ae7cb50e998b87b8554f16b0488b4b3c6b010a7c1

  • SHA512

    05e83fe2f6b8e0b3ff795b57cbfb946db0c5a4f0ab16070b1f838c011df1a6a0deb23ca05965ede0f8c86ba2c13440c9159590e0242f623f3d28640650036893

Score
10/10
xmrigevasionexecutionminer

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/setup_moneroocean_miner.bat

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.zip

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/nssm.zip

Targets

    • Target

      .bat

    • Size

      406B

    • MD5

      8a999fb795bb0f9712f636cd512d2369

    • SHA1

      993d13dec1223fb8109f2e0e68e77de12ea26269

    • SHA256

      1d5778d0a8fe83da7b01513ae7cb50e998b87b8554f16b0488b4b3c6b010a7c1

    • SHA512

      05e83fe2f6b8e0b3ff795b57cbfb946db0c5a4f0ab16070b1f838c011df1a6a0deb23ca05965ede0f8c86ba2c13440c9159590e0242f623f3d28640650036893

    Score
    10/10
    xmrigevasionexecutionminer

    • XMRig Miner payload

      miner

    • Xmrig family

      xmrig

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Stops running service(s)

      evasionexecution

    • Executes dropped EXE

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks