General

  • Target

    bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28

  • Size

    8.6MB

  • Sample

    220518-z81ybshafm

  • MD5

    1f29fc7e6e27a5a7e92ce400cf2eaf2f

  • SHA1

    901d534f3fe2a57f660a9e344734f51fd9fbd869

  • SHA256

    bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28

  • SHA512

    ab2e96abaa5d543656a72f3f97b8ae4fb857e8ceb0b73fbcf4f22e45eb39aeb95a61e6d5558c58ee32bfcafed381fb84ea48bf413875d23d98f634c6c3c45aea

Score
10/10

Targets

    • Target

      bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28

    Score
    9/10

    • Attempts to identify hypervisor via CPU configuration

      Checks CPU information for indicators that the system is a virtual machine.

    • Reads CPU attributes

    • Enumerates kernel/hardware configuration

      Reads contents of /sys virtual filesystem to enumerate system information.

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    T1497 Virtualization/Sandbox Evasion: 1

  • Discovery

    T1497 Virtualization/Sandbox Evasion: 1

    T1082 System Information Discovery: 2
