General
- Target: SecuriteInfo.com.PUA.Tool.Linux.BtcMine.2727.23728.20615
- Size: 5.7MB
- Sample: 211012-w4cs6adba3
- MD5: 769a36672cb4f421be3d3f717107eb3f
- SHA1: 42753ea01417cc246336bb17e4155433b881a7e5
- SHA256: c7e39dfd0f42a9a8254bca7c4c20c393dce022fcb011fe7170af1538767d620f
- SHA512: 8ec7f4d8dab3521069fc0db29a97e0fbf3cdf75fd1696de9abef33cf6043425d040e9a9602d26e09216c855a8dddc80f2ee1ce5eb6544efa5785a35b3bef98bb
Behavioral tasks
- behavioral1: Sample SecuriteInfo.com.PUA.Tool.Linux.BtcMine.2727.23728.20615, Resource ubuntu-amd64
- behavioral2: Sample SecuriteInfo.com.PUA.Tool.Linux.BtcMine.2727.23728.20615, Resource debian9-mipsel
- behavioral3: Sample SecuriteInfo.com.PUA.Tool.Linux.BtcMine.2727.23728.20615, Resource debian9-mipsbe
Malware Config
Targets
- Target: SecuriteInfo.com.PUA.Tool.Linux.BtcMine.2727.23728.20615
Score: 9/10
Signatures
- Attempts to identify hypervisor via CPU configuration: checks CPU information for indicators that the system is a virtual machine.
- Reads CPU attributes
- Enumerates kernel/hardware configuration: reads contents of the /sys virtual filesystem to enumerate system information.
- Reads runtime system information: reads data from the /proc virtual filesystem.
- Writes file to tmp directory: malware often drops required files in the /tmp directory.