xmrig | f425fa120bc1b3926ed92ed5cec74898f1d40c3059ae443f816a9e10a2699f80 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

sys.x86_64.elf

ubuntu-18.04-amd64

9

Sharing

General

Target

sys.x86_64.elf
Size

9.6MB
Sample

221104-anxbzabcam
MD5

17ffc737f22a14f14179506036852fdf
SHA1

20d067b1193b671799883f3d60d57e455d40205d
SHA256

f425fa120bc1b3926ed92ed5cec74898f1d40c3059ae443f816a9e10a2699f80
SHA512

cef55042ed1b316befac309bfdc65a0095becefc44f42f67822980ae6a11d7f556f871d214475f7e2cc7073b6d91d79659dfa9a402f5a8d234316ed118a6c7b8
SSDEEP

196608:fWARAvrX1RUqqMjuZgsD+9FYbgLCzQ0+:uVTFf3jiD+9FCg2zQ0

Score

10^/10

xmrig discovery linux miner persistence

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

sys.x86_64.elf

Resource

ubuntu1804-amd64-en-20211208

discovery persistence

ubuntu-18.04-amd64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  sys.x86_64.elf
- Size
  
  9.6MB
- MD5
  
  17ffc737f22a14f14179506036852fdf
- SHA1
  
  20d067b1193b671799883f3d60d57e455d40205d
- SHA256
  
  f425fa120bc1b3926ed92ed5cec74898f1d40c3059ae443f816a9e10a2699f80
- SHA512
  
  cef55042ed1b316befac309bfdc65a0095becefc44f42f67822980ae6a11d7f556f871d214475f7e2cc7073b6d91d79659dfa9a402f5a8d234316ed118a6c7b8
- SSDEEP
  
  196608:fWARAvrX1RUqqMjuZgsD+9FYbgLCzQ0+:uVTFf3jiD+9FCg2zQ0
Score

9^/10

discovery persistence
- Contacts a large (528930) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
- Enumerates kernel/hardware configuration
  Reads contents of /sys virtual filesystem to enumerate system information.
- Reads runtime system information
  Reads data from /proc virtual filesystem.
- Writes file to tmp directory
  Malware often drops required files in the /tmp directory.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Network Service Scanning

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

© 2018-2025

Terms | Privacy