Binary Managed Object File (BMOF) Distributing XMRig CoinMiner

NetmanageIT OpenCTI - opencti.netmanageit.com

Binary Managed Object File (BMOF) Distributing XMRig CoinMiner



SUMMARY :

This analysis explores the use of Binary Managed Object Files (BMOFs) in distributing XMRig CoinMiner. BMOFs, compiled versions of Managed Object Files, are not inherently malicious but can be exploited due to their ability to execute scripts. The report details how threat actors utilize BMOFs with Permanent Event Subscription for malware persistence. It describes an attack case attributed to BondNet, where malicious BMOFs are created and executed through mofcomp.exe after compromising SQL servers. The process involves deleting the hosts file, creating guest accounts, downloading VBE files, configuring RDP connections, and executing XMRig CoinMiner. The malware is detectable by AhnLab MDS under specific signatures in sandbox environments.

OPENCTI LABELS :

xmrig,coinminer,bmof


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


Binary Managed Object File (BMOF) Distributing XMRig CoinMiner