https://github.com/bdr-pro/silent-penguin-malware-script

mining script can be injected to legit exe to make the victim mine monero for you

# My mining virus
```diff
+ This is part of my malware developing projects please make sure you follow any updates
```

![image](https://github.com/BDR-Pro/My-first-mining-malware-script/assets/91114465/ec89a426-1ae7-4535-8e32-b6e1468dd7c5)

![image](https://github.com/BDR-Pro/Silent-Penguin-malware-script/assets/91114465/6b4aca66-c217-4e6c-b95b-53b718bd9224)
[REPORT](https://www.virustotal.com/gui/file/5215d83ffe963bae62ff36e990c9cb1e3194ec7f1d189284077a16de6a42a62d/detection)

mining script can be injected to legit exe to make the victim mine monero for you
embedded to make with download the start and the word, running the word directly
start to make sure the mining task is persistent

The provided text appears to be a PowerShell script with malicious intent, designed to conduct unauthorized activities on a targeted machine, typically associated with cyber threats such as malware or a crypto miner. Here's a breakdown of its key components and functionalities:

1. **Aliases and Variable Initializations**: The script starts by setting aliases for common PowerShell cmdlets, presumably to obfuscate its actions from casual observation or automated analysis tools.

2. **Remote File Downloads**: It constructs URLs from concatenated strings to download files from remote locations. This technique is often used to bypass simple string matching detection mechanisms.

3. **Execution of Downloaded Files**: After downloading, it executes the files, which is a common behavior in malware to run payloads retrieved from remote servers.

4. **Sleep Commands**: The script uses sleep commands to delay operations, possibly to evade time-based detection mechanisms.

5. **Obfuscation Techniques**: It employs character code arrays and string joins to hide the actual commands being executed, making analysis and detection more challenging.

6. **Disabling Security Features**: Commands such as disabling real-time monitoring and sample submission settings of Windows Defender indicate an attempt to weaken the host's defenses.

7. **Cryptocurrency Miner Installation**: The script downloads and installs XMRig, a legitimate tool often misused by attackers for unauthorized cryptocurrency mining on compromised machines.

8. **Persistence Mechanisms**: It makes modifications to system settings and places files in specific locations to ensure the miner runs continuously, including setting up the miner to start with Windows.

9. **Concealment**: The script sets files and directories to hidden, aiming to avoid detection by the user or simple file system scans.

10. **Execution with Elevated Privileges**: It attempts to run processes with elevated privileges, which is necessary for certain operations like modifying system settings or installing software without user prompts.

11. **Obfuscated Final Note**: The script ends with an encoded message which, when decoded, reads as a signature or note from the author addressed to whoever analyses the script far enough to find it.
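A static triage check for the behaviours enumerated above, added here as an illustration and not code from the repository: it folds the concatenated-string and char-code obfuscations back into plain text, then matches the remaining indicators (Defender tampering, XMRig reference, hidden attributes, Startup-folder persistence, elevation) against a constructed sample. The sample script, the indicator names and the regexes are assumptions of this example, not taken from the project.

```python
import re

# Constructed sample PowerShell fragment exhibiting the behaviours listed above; it is
# written for this example, is not the repository's script, and uses a reserved .invalid host.
SAMPLE_SCRIPT = r"""
Set-Alias -Name dl -Value Invoke-WebRequest
$u = 'ht' + 'tp://dl.' + 'example.invalid/' + 'xm' + 'rig.zip'
Start-Sleep -Seconds 120
$p = -join ([char[]](83,101,116,45,77,112) )
Set-MpPreference -DisableRealtimeMonitoring $true
Set-MpPreference -SubmitSamplesConsent 2
attrib +h +s "$env:APPDATA\svc"
Copy-Item miner.exe "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup\"
Start-Process powershell -Verb RunAs -WindowStyle Hidden
"""

CONCAT = re.compile(r"'([^']*)'\s*\+\s*'([^']*)'")          # 'a' + 'b' literal pairs
CHARCODES = re.compile(r"-join\s*\(\s*\[char\[\]\]\s*\(([\d,\s]+)\)\s*\)")  # -join ([char[]](n,n,...))

def deobfuscate(text: str) -> str:
    """Fold concatenated literals into one string and decode char-code arrays."""
    while True:  # repeat until no adjacent literal pair is left to fold
        folded = CONCAT.sub(lambda m: "'" + m.group(1) + m.group(2) + "'", text)
        if folded == text:
            break
        text = folded
    return CHARCODES.sub(lambda m: "'" + "".join(
        chr(int(c)) for c in m.group(1).split(",") if c.strip()) + "'", text)

# (indicator name, regex applied to the deobfuscated script); heuristic, not a signature set
INDICATORS = [
    ("alias_definition",    r"\b(Set|New)-Alias\b"),
    ("sleep_delay",         r"\bStart-Sleep\b"),
    ("defender_tamper",     r"\bSet-MpPreference\b.*-(DisableRealtimeMonitoring|SubmitSamplesConsent)"),
    ("xmrig_reference",     r"(?i)xmrig"),
    ("hidden_attribute",    r"\battrib\b.*\+h"),
    ("startup_persistence", r"(?i)\\Start Menu\\Programs\\Startup\\|CurrentVersion\\Run"),
    ("elevation_request",   r"-Verb\s+RunAs"),
]

def scan(text: str) -> dict:
    """Return {indicator: hit count}; obfuscation itself is recorded, then the rest is matched on clean text."""
    hits = {"string_concatenation": len(CONCAT.findall(text)),
            "charcode_array": len(CHARCODES.findall(text))}
    clean = deobfuscate(text)
    for name, pattern in INDICATORS:
        hits[name] = len(re.findall(pattern, clean))
    return {k: v for k, v in hits.items() if v}
```

Note that the XMRig reference is only found after folding the split literal, which is why the scan runs on the deobfuscated text.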

This script is a serious security threat and should not be executed on any machine. If you've encountered this script during a security analysis or as part of an incident response, it's crucial to isolate the affected system, conduct a thorough investigation to understand the full scope of the compromise, and apply necessary remediation steps.