General

  • Target

    2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig

  • Size

    5.0MB

  • Sample

    250330-tbyh2s11bt

  • MD5

    5515ecb998125dcf224f5668703d5ae0

  • SHA1

    9e0744f7bfe9c82990b38b01c324a0294309caed

  • SHA256

    ecfd4b61f4df109403654b73b1dd2c5a9f66888e5fe6410372b11f270c594887

  • SHA512

    35a2050f37b44522fa8f14defe5598de052c312e6c82a8fe6042549a51ed44f096608c450a3fdb740dbd773249b3d6de5c1cd4a3c1468af4a7a75d3fd3c01d23

  • SSDEEP

    98304:z1ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHr8q:zbBeSFkk

Malware Config

Targets

    • Target

      2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig

    • Size

      5.0MB

    • MD5

      5515ecb998125dcf224f5668703d5ae0

    • SHA1

      9e0744f7bfe9c82990b38b01c324a0294309caed

    • SHA256

      ecfd4b61f4df109403654b73b1dd2c5a9f66888e5fe6410372b11f270c594887

    • SHA512

      35a2050f37b44522fa8f14defe5598de052c312e6c82a8fe6042549a51ed44f096608c450a3fdb740dbd773249b3d6de5c1cd4a3c1468af4a7a75d3fd3c01d23

    • SSDEEP

      98304:z1ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHr8q:zbBeSFkk

    • Xmrig family

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks