xmrig | c7e39dfd0f42a9a8254bca7c4c20c393dce022fcb011fe7170af1538767d620f | Triage

Sharing

General

Target

SecuriteInfo.com.PUA.Tool.Linux.BtcMine.2727.23728.20615
Size

5.7MB
Sample

211012-w4cs6adba3
MD5

769a36672cb4f421be3d3f717107eb3f
SHA1

42753ea01417cc246336bb17e4155433b881a7e5
SHA256

c7e39dfd0f42a9a8254bca7c4c20c393dce022fcb011fe7170af1538767d620f
SHA512

8ec7f4d8dab3521069fc0db29a97e0fbf3cdf75fd1696de9abef33cf6043425d040e9a9602d26e09216c855a8dddc80f2ee1ce5eb6544efa5785a35b3bef98bb

Score

10^/10

xmrig antivm linux miner

Malware Config

Targets

- Target
  
  SecuriteInfo.com.PUA.Tool.Linux.BtcMine.2727.23728.20615
- Size
  
  5.7MB
- MD5
  
  769a36672cb4f421be3d3f717107eb3f
- SHA1
  
  42753ea01417cc246336bb17e4155433b881a7e5
- SHA256
  
  c7e39dfd0f42a9a8254bca7c4c20c393dce022fcb011fe7170af1538767d620f
- SHA512
  
  8ec7f4d8dab3521069fc0db29a97e0fbf3cdf75fd1696de9abef33cf6043425d040e9a9602d26e09216c855a8dddc80f2ee1ce5eb6544efa5785a35b3bef98bb
Score

9^/10

antivm
- Attempts to identify hypervisor via CPU configuration
  Checks CPU information for indicators that the system is a virtual machine.
  antivm
- Reads CPU attributes
- Enumerates kernel/hardware configuration
  Reads contents of /sys virtual filesystem to enumerate system information.
- Reads runtime system information
  Reads data from /proc virtual filesystem.
- Writes file to tmp directory
  Malware often drops required files in the /tmp directory.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3