GhostMiner: Cryptomining Malware Goes Fileless
released on 2018-03-26 @ 11:21:31 AM
The core activity of GhostMiner’s components was performed by a compiled malicious Windows executable. To stay undetected, the executable relied on a couple of nested PowerShell evasion frameworks - Out-CompressedDll and Invoke-ReflectivePEInjection, which employed fileless techniques to conceal the presence of the malicious program.