General
Target: run.ps1
Size: 148B
Sample: 240705-g11y9atelq
MD5: 875745fc114004987f5921b8b7f632be
SHA1: 421f0a88583c5d3b45d9daf71f287184b6ff149d
SHA256: 93f7206c22debd87a0ba1fe9714b5439a3838ec85e794abf09d1f402b70c7ad4
SHA512: 190dd20b835dc6cc5b9ff3cebf820439f017d964cabebdc9cd0fdb86a9ea169fc45dc1e176f1781c0a109484e245353ba8e02b9c9ffe322dff4e9fb36013ce56

Static task: static1
Behavioral task: behavioral1
Sample: run.ps1
Resource: win10-20240404-en
Behavioral task: behavioral2
Sample: run.ps1
Resource: win10v2004-20240704-en

Malware Config
Extracted: http://185.254.97.190:2024/test.txt
Extracted: https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.zip
Extracted: https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/nssm.zip
Targets
Target: run.ps1 (size and hashes as listed under General)
- XMRig Miner payload
- Blocklisted process makes network request
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2