RunningRAT’s Next Move: From Remote Access to Crypto mining For Profit
Tags
Common Information
| Type | Value |
|---|---|
| UUID | c1cae89f-f9c6-4252-a5b0-87f021c6956a |
| Fingerprint | a510d813c127878f |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Nov. 12, 2024, midnight |
| Added to db | Nov. 14, 2024, 4:12 p.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | RunningRAT’s Next Move: From Remote Access to Crypto Mining for Profit |
| Title | RunningRAT’s Next Move: From Remote Access to Crypto mining For Profit |
| Detected Hints/Tags/Attributes | 73/2/38 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://hunt.io/blog/runningrat-from-remote-access-to-crypto-mining |
URL Provider
| Details | Provider | Source level domain |
|---|---|---|
| Details | hunt.io | hunt.io |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | host404111.xyz |
|
| Details | Domain | 5 | xmrig.zip |
|
| Details | Domain | 3 | nssm.zip |
|
| Details | Domain | 129 | api.ipify.org |
|
| Details | Domain | 57 | hunt.io |
|
| Details | File | 4 | me.exe |
|
| Details | File | 1 | nnr.php |
|
| Details | File | 1 | netsysddl.exe |
|
| Details | File | 1 | 240634687.dll |
|
| Details | File | 1 | ini.ini |
|
| Details | File | 1 | c:\users\admin\appdata\local\temp\me.exe |
|
| Details | File | 6 | c:\windows\syswow64\svchost.exe |
|
| Details | File | 1122 | svchost.exe |
|
| Details | File | 1 | c:\windows\syswow64 etsysddl.exe |
|
| Details | File | 1 | c:\windows\system32 etsysddl.exe |
|
| Details | File | 1 | c:\windows\system32\240634687.dll |
|
| Details | File | 1 | xmr-normal.bat |
|
| Details | File | 1 | xmr-unban.bat |
|
| Details | File | 5 | xmrig.zip |
|
| Details | File | 42 | 7za.exe |
|
| Details | File | 23 | xmrig.exe |
|
| Details | File | 2 | nssm.zip |
|
| Details | File | 3 | kill.exe |
|
| Details | File | 153 | config.json |
|
| Details | File | 20 | winring0x64.sys |
|
| Details | sha256 | 2 | b10884a495070c2f9ee183bbbb6d1b8f7351fc75d094f4bb212c38c859a6e867 |
|
| Details | sha256 | 1 | 6cbe0e1f046b13b29bfa26f8b368281d2dda7eb9b718651d5856f22cc3e02910 |
|
| Details | sha256 | 1 | 152f1bf6b11eb2f8e0f31bce6853f7f9fa604164a429741ec0973f508f6520e1 |
|
| Details | sha256 | 1 | db312628b3001d24ca2836ab065bed9573f65158a3b31d97f009f44110c4a4cb |
|
| Details | sha256 | 2 | c55a1c1e2d0623fd7c5b2224e2e5a7b6f053f997080fb4f3d37a37d1b9ce807a |
|
| Details | sha256 | 2 | 27a823c06e68b5f32c2331ef89de4f1de1773f39449a3509b3f397c3c4376cad |
|
| Details | sha256 | 2 | e8d595834bb500f0bb3ad688fe7307e3a182229f3ef16a16549c9797cf1d8985 |
|
| Details | sha256 | 2 | 175d861d8f1337df6a0aafb845c2b7967d0c1ecd8c230e345d75d557440f15e5 |
|
| Details | sha256 | 2 | 54409f5edb22b2c84de1ff5e6a76dd4b34d5acde60a0777f16251ccf4849929f |
|
| Details | sha256 | 6 | 11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5 |
|
| Details | sha256 | 2 | b69bf007797fdfecc90c5511dde776dc6c18c48cddec2804753533dbee4af80d |
|
| Details | IPv4 | 1 | 139.162.102.163 |
|
| Details | IPv4 | 1 | 24.199.123.1 |