Demystifying PKT and Monero Cryptocurrency deployed on MSSQL servers

NetmanageIT OpenCTI - opencti.netmanageit.com


SUMMARY:

This analysis examines a recent cryptocurrency mining operation targeting MSSQL servers, focusing on the PKT Classic and Monero cryptocurrencies. The attack exploits vulnerabilities to deploy mining tools, including PacketCrypt for PKT and XMRig for Monero. The process uses Windows utilities and PowerShell scripts to download and execute malicious files. The miners consume significant system resources, potentially degrading performance and causing hardware wear. The attackers use GitHub repositories, obfuscation techniques, and multi-stage attacks to evade detection. The article provides details on the attack chain, wallet information, and file analysis, highlighting the sophisticated nature of the operation. Mitigation strategies include regular software updates, strong authentication measures, and robust antivirus protection.

OPENCTI LABELS:

exploitation, obfuscation, xmrig, cryptocurrency mining, monero, packetcrypt, pkt classic, mssql servers

