golang_generic_botnet | 7209361149706baa9059d776cc8e67104b44d73d4fc17e9836da997c00640870 | Triage

Submit
Reports

Overview

overview

Static

static

1

JaffaCakes...70.ps1

windows7-x64

JaffaCakes...70.ps1

windows10-2004-x64

8

Sharing

General

Target

JaffaCakes118_7209361149706baa9059d776cc8e67104b44d73d4fc17e9836da997c00640870
Size

640B
Sample

241225-gh1wjayrgx
MD5

07f4a138267c2c7816c6452e03f35a6d
SHA1

99bc5bffa4ab51627af531efb3f129588d442ae1
SHA256

7209361149706baa9059d776cc8e67104b44d73d4fc17e9836da997c00640870
SHA512

5c9005c81c39351cfc148ce6d5599caf083b9a6fc10c2ba99e0f3b691cf378f13a9fc61923930c47341e7f3213f6213501e18c6fdc3e1d1f9ba7de49654f970c

Score

10^/10

golang_generic_botnet xmrig botnet credential_access discovery evasion execution miner vmprotect

Static task

static1

Behavioral task

behavioral1

Sample

JaffaCakes118_7209361149706baa9059d776cc8e67104b44d73d4fc17e9836da997c00640870.ps1

Resource

win7-20240903-en

golang_generic_botnet xmrig botnet credential_access discovery evasion execution miner vmprotect

windows7-x64

22 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_7209361149706baa9059d776cc8e67104b44d73d4fc17e9836da997c00640870.ps1

Resource

win10v2004-20241007-en

evasion execution

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_7209361149706baa9059d776cc8e67104b44d73d4fc17e9836da997c00640870
- Size
  
  640B
- MD5
  
  07f4a138267c2c7816c6452e03f35a6d
- SHA1
  
  99bc5bffa4ab51627af531efb3f129588d442ae1
- SHA256
  
  7209361149706baa9059d776cc8e67104b44d73d4fc17e9836da997c00640870
- SHA512
  
  5c9005c81c39351cfc148ce6d5599caf083b9a6fc10c2ba99e0f3b691cf378f13a9fc61923930c47341e7f3213f6213501e18c6fdc3e1d1f9ba7de49654f970c
Score

10^/10

golang_generic_botnet xmrig botnet credential_access discovery evasion execution miner vmprotect
- Golang Generic Botnet
  A botnet written in golang not attributed to a particular actor.
  botnet golang_generic_botnet
- Golang_generic_botnet family
  golang_generic_botnet
- Xmrig family
  xmrig
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- OS Credential Dumping: LSASS Memory
  Malicious access to Credentials History.
  credential_access
- XMRig Miner payload
  miner
- Blocklisted process makes network request
- Downloads MZ/PE file
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Executes dropped EXE
- Loads dropped DLL
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

OS Credential Dumping

LSASS Memory

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

golang_generic_botnetxmrigbotnetcredential_accessdiscoveryevasionexecutionminervmprotect

behavioral2

evasionexecution

© 2018-2025

Terms | Privacy