John Patrick Lita
Dec 21, 2017 · 5 min read
Figure 1.0 Screenshot of random private message
Figure 2.0 A preview of the extracted Windows executable from the Facebook message spam
Figure 3.0 Decompiled output from Exe2Aut
Figure 4.0 The same decompiled output in its decrypted format
Figure 5.0 Network traffic details
Figure 6.0 Downloaded configuration file
Figure 7.0 Malware process log
Figure 8.0 Crypto malware process and file details
Figure 9.0 Monero miner configuration file
A quick search on GitHub shows that the same account used for the Monero miner has recently forked the xmrig project, which matches the miner used in this campaign.
