General

  • Target

    2025-03-30_ad3d6e60d78393a8be5d0afd8a53a471_aspxspy_black-basta_ezcob_xmrig

  • Size

    5.0MB

  • Sample

    250330-tfe79svjs2

  • MD5

    ad3d6e60d78393a8be5d0afd8a53a471

  • SHA1

    5796e9fcc9972bf737159b984ff480cb108c5c1f

  • SHA256

    1233018cb553c974159aebf70e2e5f8396b62face2ba1285b2ba5e1583829799

  • SHA512

    c20e54fdc718b6e3e08e3e8f9d4360f516e7d702459356b1d00d2aad0060bbe9a38ee625ea459e75961b17c047a5e7d222af92534eda9173fab05252168a17b4

  • SSDEEP

    98304:z1ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHr8g:zbBeSFkS

Malware Config

Targets

    • Target

      2025-03-30_ad3d6e60d78393a8be5d0afd8a53a471_aspxspy_black-basta_ezcob_xmrig

    • Xmrig family

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX.

MITRE ATT&CK Enterprise v15

Tasks