xmrig | c5845905301cb177cd5ba386ab909a43ed5263ddbbc470ab0da8ef8c8bc82abf | Triage

Sharing

General

Target

s.bat
Size

1KB
Sample

241221-sj7w1ssjak
MD5

1e64009a55d5a9eb64fd903f621e5ae0
SHA1

0e5de7ecc2363d16ac2ae8f244d895cff70d6cdb
SHA256

c5845905301cb177cd5ba386ab909a43ed5263ddbbc470ab0da8ef8c8bc82abf
SHA512

2b28221714861951beeb73247a7ab58f4e68d3510e030d25787a13c6c715cea2b82d51cb1f262736dde8738e9ceb59420b4d4dc724524ece75a6a13978da8695

Score

10^/10

xmrig execution miner

Malware Config

Targets

- Target
  
  s.bat
- Size
  
  1KB
- MD5
  
  1e64009a55d5a9eb64fd903f621e5ae0
- SHA1
  
  0e5de7ecc2363d16ac2ae8f244d895cff70d6cdb
- SHA256
  
  c5845905301cb177cd5ba386ab909a43ed5263ddbbc470ab0da8ef8c8bc82abf
- SHA512
  
  2b28221714861951beeb73247a7ab58f4e68d3510e030d25787a13c6c715cea2b82d51cb1f262736dde8738e9ceb59420b4d4dc724524ece75a6a13978da8695
Score

8^/10

execution
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2