General

  • Target

    2025-03-30_1451b02c5e5dc76b1a92646694c42d12_aspxspy_black-basta_ezcob_xmrig

  • Size

    5.0MB

  • Sample

    250330-tlxphavks3

  • MD5

    1451b02c5e5dc76b1a92646694c42d12

  • SHA1

    ff006ca297474ffa2a42991970e2e5c6a6ea2d4f

  • SHA256

    9365a31efe918927c5b457b801c98b857b5743db90a065e330bee852cb1c43e9

  • SHA512

    8873469e49e8336c409c42b5b1af4ff14620228da0d2d11d19b4bdc5a2746244fc822bd44207c3702a071309b3386fcd7152cd7b18b30dcb9c202db1dc20b143

  • SSDEEP

    98304:z1ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHr8n:zbBeSFkF

Targets

    • Target

      2025-03-30_1451b02c5e5dc76b1a92646694c42d12_aspxspy_black-basta_ezcob_xmrig

    • Xmrig family

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX.
