General

  • Target: cpuminer-opt-linux.tar.gz
  • Size: 29.7MB
  • Sample: 220823-arsg7aaaa2
  • MD5: 0b773285c0a1fdac83d6e95f9683ede7
  • SHA1: 95eac09f4196e85d43cec51845d3e197bb08facd
  • SHA256: 5d06a06657e2aa03900f4129417cf926a973eded6b99ba2efd340f873aac4d89
  • SHA512: 8b8bfccc387eccbc721e55b18cff1807b3d52d5cad0579ac4fb3bbaf0f9d18fe7929f1205c7738e2b879994802f0aacefb500ac4fb7060763b64e8cf9ef032c7
  • SSDEEP: 393216:cOVTEn2XOhLPlKlEncd4qT4Ohvu8KhL24FxPbJPaqw5dREwFA0o8bMsafZQcLmJG:v5EdhLoHWlhKqw5oYA2VSZQBhyFP

Score: 9/10

Targets

    • Target: cpuminer-avx
    • Size: 3.2MB
    • MD5: 02b6b5e9274918179eda364663fe2e28
    • SHA1: b282c07e72207c344cbc0404db6e2afd251b5c49
    • SHA256: 8fc97fb3a1865f81344c116f8011ff79795159233328e1c46724302e5e913254
    • SHA512: 702a5eee877c6b66ca6d6b70cdb2272c715ddbae406410ff6ec01c428ed4670f5c8eb45e2c2f0d8d3f48309118282adaa6683cec2fcbdc1bec4ae3f3abf19fdf
    • SSDEEP: 98304:i3yIsBm3Ciu07rz5tHbSlx2NuiaDG60VX/niEhx9:i3yTkCp07rz5tHbSfW60VX/n/D

    Score: 9/10

    • Attempts to identify hypervisor via CPU configuration
      Checks CPU information for indicators that the system is a virtual machine.
    • Reads CPU attributes
    • Reads network interface configuration
      Fetches information about one or more active network interfaces.
    • Enumerates kernel/hardware configuration
      Reads contents of /sys virtual filesystem to enumerate system information.
    • Reads runtime system information
      Reads data from /proc virtual filesystem.

    • Target: cpuminer-avx2
    • Size: 3.5MB
    • MD5: 193af5198b641c531f00da1c2ac0ca0c
    • SHA1: 8694f52efd9ad73a9007e3045c6acab040a4df72
    • SHA256: 94dc9a4d6ae9fee9ff6be71ee878b75f7e33f2a029470d36d77d70094ed04547
    • SHA512: cb52064b3c6d21fe279cfd22d1fa5f8d744aff5218f74200866fc195dc7f743511ec618ca258581da94591f36b461f379c5df9a1cbb29405a5139681eca9b0e8
    • SSDEEP: 98304:InvFuMs/Ju7aio+NzUbrYYflcSHlQZpdEKLI3S:IvFV7y+puYYSOWZpdE+I3S

    Score: 9/10

    • Attempts to identify hypervisor via CPU configuration
      Checks CPU information for indicators that the system is a virtual machine.
    • Reads CPU attributes
    • Reads network interface configuration
      Fetches information about one or more active network interfaces.
    • Enumerates kernel/hardware configuration
      Reads contents of /sys virtual filesystem to enumerate system information.
    • Reads runtime system information
      Reads data from /proc virtual filesystem.

    • Target: cpuminer-avx512
    • Size: 3.6MB
    • MD5: c68379421505644e1655acc63cbade20
    • SHA1: 8873aee0e6656be5ebae0aee34026aa1ebf82547
    • SHA256: 1e7edb6509750121048bd1b6582225d4848ea884a67dc894fc23abd05a60529a
    • SHA512: 9163544e966d002dd61d8d63e77433e86a6867d96b107b0b2031ed7856f3793f9432f6cf6d539f2b2dcba316284558b5151c82decf46eb1003c541c7734314a3
    • SSDEEP: 98304:F45DSFWV25fOCWgvKUiH3/2EoVo6dA/uRgqwsIsWWGaKhUJ4uF:W9+2Cf8/2EQo2A/Xq5WWGRhUJ44

    Score: 9/10

    • Attempts to identify hypervisor via CPU configuration
      Checks CPU information for indicators that the system is a virtual machine.
    • Reads CPU attributes
    • Reads network interface configuration
      Fetches information about one or more active network interfaces.
    • Enumerates kernel/hardware configuration
      Reads contents of /sys virtual filesystem to enumerate system information.
    • Reads runtime system information
      Reads data from /proc virtual filesystem.

    • Target: cpuminer-avx512-sha-vaes
    • Size: 3.6MB
    • MD5: 46fad23225af87706a1372bdc10f77db
    • SHA1: b7c3703a50a4edd190c17e38e01e2f5d43edad71
    • SHA256: 965255a7896066fe5c6a2c2592fd096ac25c87ccb8123e39eb7601c64a7b9524
    • SHA512: 88e9473e6cc5d44840bc9af01908c07feae171413d32596fe51d3d02a776f80846fd4e4fef378d7539d74d4ec1affb5b01c021ce05c3936279f301e4a0c15621
    • SSDEEP: 98304:hz4cocPpix6D1pnCdRklDX3bZjuQVK+of5qI+78vlFnDH:hk8Mx6xYdRsrb0QVK+u+wjnb

    Score: 9/10

    • Attempts to identify hypervisor via CPU configuration
      Checks CPU information for indicators that the system is a virtual machine.
    • Reads CPU attributes
    • Reads network interface configuration
      Fetches information about one or more active network interfaces.
    • Enumerates kernel/hardware configuration
      Reads contents of /sys virtual filesystem to enumerate system information.
    • Reads runtime system information
      Reads data from /proc virtual filesystem.

    • Target: cpuminer-ryzen
    • Size: 3.4MB
    • MD5: fc9a164439f2f975e0377a1565d55417
    • SHA1: 0c8a931c7750344dc1d4196507f4af5a5284ddca
    • SHA256: af720d367102e891d8d2ed6647195d5433471cdfe652716a77e362c7098d47c3
    • SHA512: 70267de94686eb5a9eaaf71054044932a89d0e84215d36e85b6d7adf9a9f185c44f322b3b46bf371ac98283ba7462c2bf4b01897e2172c3ecc86a6a7a5531705
    • SSDEEP: 98304:af1HN8UlDsiDl66LJxPXhGqMcuURSF29ewUiy:mN8UlDg6LJx/gqXnSaewu

    Score: 9/10

    • Attempts to identify hypervisor via CPU configuration
      Checks CPU information for indicators that the system is a virtual machine.
    • Reads CPU attributes
    • Reads network interface configuration
      Fetches information about one or more active network interfaces.
    • Enumerates kernel/hardware configuration
      Reads contents of /sys virtual filesystem to enumerate system information.
    • Reads runtime system information
      Reads data from /proc virtual filesystem.

    • Target: cpuminer-sse2
    • Size: 3.2MB
    • MD5: 7273637f4fde73585f1e074921b2359c
    • SHA1: a85e38278ea9b1ccc1740fea1e82498732432158
    • SHA256: e89981c186899f607bd38382415c1e126849da233ae1b233609b7b6a583452d3
    • SHA512: ea99845b1c88ff62e48c15956da8249ad829c29e6505bcdc93bf16be51d9b55508b76686edbab7ffedf08c3c1b54408b698411cfa589ecd1b29fc31ddbedad82
    • SSDEEP: 98304:TSQ4pADy3YiOmOpvyemzRh7yDFRdWrRUmCr5ngHz2RzW:TStADy7Y3ahU1gLS5gTMq

    Score: 9/10

    • Attempts to identify hypervisor via CPU configuration
      Checks CPU information for indicators that the system is a virtual machine.
    • Reads CPU attributes
    • Reads network interface configuration
      Fetches information about one or more active network interfaces.
    • Enumerates kernel/hardware configuration
      Reads contents of /sys virtual filesystem to enumerate system information.
    • Reads runtime system information
      Reads data from /proc virtual filesystem.

    • Target: cpuminer-sse2amd
    • Size: 3.2MB
    • MD5: e5c76bca6507e08e5de72a687364ae5e
    • SHA1: 8586c089c1026e56c1b8403ebedc061be86144aa
    • SHA256: e4431c67a156033fbb46cce85e9487fa793380c06ce8a9900e84c97e7187fef6
    • SHA512: f748cac2a2b7d100ebbd6d0a12485880f7e4f6be770f84654bd79605c60bbd4a0eb9f15444b8e516b47350ce0d034113c33ea8a013d330370ce06c43786eb91d
    • SSDEEP: 98304:0c/z0DDKNX1opLFyp7GsFBQoErNK3c/nF:0c/gDKjopKl5EP

    Score: 9/10

    • Attempts to identify hypervisor via CPU configuration
      Checks CPU information for indicators that the system is a virtual machine.
    • Reads CPU attributes
    • Reads network interface configuration
      Fetches information about one or more active network interfaces.
    • Enumerates kernel/hardware configuration
      Reads contents of /sys virtual filesystem to enumerate system information.
    • Reads runtime system information
      Reads data from /proc virtual filesystem.

    • Target: cpuminer-sse42
    • Size: 3.2MB
    • MD5: 3ccc34e103c7f4eb6d7b23ec1323ca90
    • SHA1: ab9e95b3963b2edf9ccfe5e26da132090a300447
    • SHA256: 565f45f486748af9fa98840e07fce025a2a50c9980fbad02beb9fd77f59413bf
    • SHA512: 6c485103b75e6e3cc4434336a5fb1b1f196fd54f432c9568cac5757fe4e7ac069d4616e8cfaa2e2db6581f0580b3e4c9683cd815d2f9f22112ba426b0b1f16d1
    • SSDEEP: 98304:OOduzXdTrLEMyJlX1ezluLzoQt1okOQfe4YumqMn:90/r0l80Lpok7WqMn

    Score: 9/10

    • Attempts to identify hypervisor via CPU configuration
      Checks CPU information for indicators that the system is a virtual machine.
    • Reads CPU attributes
    • Reads network interface configuration
      Fetches information about one or more active network interfaces.
    • Enumerates kernel/hardware configuration
      Reads contents of /sys virtual filesystem to enumerate system information.
    • Reads runtime system information
      Reads data from /proc virtual filesystem.

    • Target: cpuminer-sse42-aes
    • Size: 3.2MB
    • MD5: dc66aa8c223623a54723b6ec752c3637
    • SHA1: 20b14f646270130c4d7b178a335528221b9033ba
    • SHA256: 34817835b29d779397fc9d7e762bc9b4f5073a51e5b448913f5dd1f1612de2cf
    • SHA512: d6aa8fb46c3d8622b32b1aa94258678ef5d210133bdcaefa44ed781457c3d42a5a486caadfbdfb20a8ac4b09b335d4a42ac9bf6f06d7c7b81ed0414499b35c6d
    • SSDEEP: 98304:2JQFmL8in0RlRWcwoomg/RZwkFlH/OmHWqGUaerU5dj:ohgRwLmcRGkFlHWmZrUvj

    Score: 9/10

    • Attempts to identify hypervisor via CPU configuration
      Checks CPU information for indicators that the system is a virtual machine.
    • Reads CPU attributes
    • Reads network interface configuration
      Fetches information about one or more active network interfaces.
    • Enumerates kernel/hardware configuration
      Reads contents of /sys virtual filesystem to enumerate system information.
    • Reads runtime system information
      Reads data from /proc virtual filesystem.

    • Target: miner-avian-minotaurx.sh
    • Size: 376B
    • MD5: 84caf2054bbae6b60875e06310299378
    • SHA1: 1b0ef23e1c61e67322a36b935150e4809235d1db
    • SHA256: d9cfb46648a5bf259dec1a91996ac1530e09d01341d05d343de18892f5691d7b
    • SHA512: 08625fb771a1590226a061b3d394191a8a089fd7c2ccd65ecadbbdb11316bb041470d0fd0f01f370a40aa0df5e2de3f412d026ee179af4bf83dfd3e4af2042f1

    Score: 5/10

    • Writes file to tmp directory
      Malware often drops required files in the /tmp directory.

    • Target: miner-bellcoin.sh
    • Size: 382B
    • MD5: 6ddc74d0b728c2871d0064adeb81c5e0
    • SHA1: 809b8c2433df3f002db5bb83f5a12586f3bcfd41
    • SHA256: 91f47e78b1e0a8ec97c6e3a8c41ec9723d60fc336aa5d963f5d4e505715b1b93
    • SHA512: 87b4280900dc8ab55016f9dad2e03674714343994d357fd6087417885077779f3cac729be6dd26dc0eb744954c4b75ba9acda9014edc7671b214737da374d4b0

    Score: 5/10

    • Writes file to tmp directory
      Malware often drops required files in the /tmp directory.

    • Target: miner-bitweb.sh
    • Size: 375B
    • MD5: 635faae5d202133e2fb49818cf9670ec
    • SHA1: 5918e21158cc02a1491558a9d6a90d3fb8c740fc
    • SHA256: 14b865dc67537e627f0c28ed49030873f58901f6bfb1455f5eaaf4a28c4a8845
    • SHA512: 36309521194a0cb086cd257e464583fc1e7594d8c8fa8f3eb2c2a17d28e129119aade4392317587e4ce4f25667315c09d458abc59ccbe92402f3a5a4c98dedc3

    Score: 5/10

    • Writes file to tmp directory
      Malware often drops required files in the /tmp directory.

    • Target: miner-dms.sh
    • Size: 378B
    • MD5: 8c1768f93cf5a039a0c34e1136068623
    • SHA1: 6cb2ef7774d919f55a0eb8171ac26c46f9a434a8
    • SHA256: d6fec69fb25240c83b67df1930a35a38d8581b633eee609c1adc29bea5b37eb9
    • SHA512: 9dc0e3e6f0751ef79726bad79b503831f1798f951f6970c36e373e20f37488fef48eb19447dd618a80f119761877bb50313de0914649f7d97b8b11b2fb32a36a

    Score: 5/10

    • Writes file to tmp directory
      Malware often drops required files in the /tmp directory.

    • Target: miner-goldcash.sh
    • Size: 385B
    • MD5: a6ce27365dfe4ec79dc59240de8860be
    • SHA1: 822c20040f7a27b9604b205d7593741490fe96cb
    • SHA256: 22b8949e17458b0472bd1b7ab9e683f28b7ccc3f884e30cc1367e6b2b1192c26
    • SHA512: 68dc463b782f4799388ebe9c4464a74990829aea0b17d2e40590d4f7552c4a7baefb8a89071f0fcdc35a23d0003e47653a15beca870854f4a4e5c983d74e7c54

    Score: 5/10

    • Writes file to tmp directory
      Malware often drops required files in the /tmp directory.

    • Target: miner-gxx.sh
    • Size: 376B
    • MD5: 815d71a257efa0fcc1b49aadb2b14afc
    • SHA1: 7c24eeb24e33910b1d52a41aded5b1a5b03b52b6
    • SHA256: 3fade3150cec25ade9092ae96a178f62fda63ee2320bfd36916110be81875ccb
    • SHA512: 5e7d3487654e4f47f03087e9f811da2eb1a8fbdfeb5e4193c452c8dee66a616b7c7707968e57db60390fb9d23c4c969fdc5977179ca5a0e5a42cfa9464f0ad9d

    Score: 5/10

    • Writes file to tmp directory
      Malware often drops required files in the /tmp directory.

MITRE ATT&CK Enterprise v6

Tasks

Task           Tags             Score
static1                         N/A
behavioral1    antivmbackdoor   9/10
behavioral2    antivmbackdoor   9/10
behavioral3    antivmbackdoor   9/10
behavioral4    antivmbackdoor   9/10
behavioral5    antivmbackdoor   9/10
behavioral6    antivmbackdoor   9/10
behavioral7    antivmbackdoor   9/10
behavioral8    antivmbackdoor   9/10
behavioral9    antivmbackdoor   9/10
behavioral10                    5/10
behavioral11                    5/10
behavioral12                    5/10
behavioral13                    5/10
behavioral14                    5/10
behavioral15                    5/10
behavioral16                    5/10
behavioral17                    5/10
behavioral18                    5/10
behavioral19                    5/10
behavioral20                    5/10
behavioral21                    5/10
behavioral22                    5/10
behavioral23                    5/10
behavioral24                    5/10
behavioral25                    5/10
behavioral26                    5/10
behavioral27                    5/10
behavioral28                    5/10
behavioral29                    5/10
behavioral30                    5/10
behavioral31                    5/10
behavioral32                    5/10