xmrig | d69a4ac8bfe22dba19de78fdc31c1d13b6e1b57ffece505630a9c6becabbae2f | Triage

Sharing

General

Target

moobot-code.zip
Size

84.1MB
Sample

231114-javewshe96
MD5

70fe1f4cd3d8db188ee171fb5d765fee
SHA1

3ee9b894f9d1bf50f438c41ccde5e94abb8854b1
SHA256

d69a4ac8bfe22dba19de78fdc31c1d13b6e1b57ffece505630a9c6becabbae2f
SHA512

adf68a7d7f22321ebf5e7e2a06ad67607639cc689739761f0f38f19eb680693bc8682448577d7523a9bd61708f0272d658fb8026c61d8f7d906b5d8563cc9f3a
SSDEEP

1572864:NZHsToTzuuLWBGzt+v9lDB+MDs1PMDs1A66wGFQxfMvZPi4H8k73YnchteFJmyQ:NZMsuuvzt+/DB7s1us1APhQxEBV8k731

Score

10^/10

xmrig linux miner persistence upx

Malware Config

Targets

- Target
  
  shell-bot/22
- Size
  
  21KB
- MD5
  
  7e4c409f8f570a3ea7546be22566de2e
- SHA1
  
  0dbef070c9cee7e1288286ff75077ddfa8535389
- SHA256
  
  e58192b38de0def86eb3acc508120ef0041678bfb9fa5601cf6f7ceed7f71db0
- SHA512
  
  760f1758ac9ab23b3df23365767185bf3d92d6aea766adfd08ac288bfc8fb5c96eb5938704262b0cc3558db2adc250c184cb5b7f3cd73fa015ffddca240f9606
- SSDEEP
  
  192:RnxzjwsWskaDanX6JENuZYhz0h+fcfLBj4Yj+2FAm2McYBNWYnCVme+x7HQS:BWskamFsqGhR9j1pFp2McYBBnCVmfx
Score

7^/10

persistence
- Executes dropped EXE
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
- Uses Polkit to run commands
  Uses Polkit pkexec as a proxy to execute commands, possibly to bypass security restrictions.
- Writes file to system bin folder
behavioral1
- Target
  
  shell-bot/a.out
- Size
  
  21KB
- MD5
  
  8c56687f06e0717e3f5f32b5bb817fd9
- SHA1
  
  dbdbe3546f3df0c281599d47534333a9d3276fd9
- SHA256
  
  3891d593a1adad4f42e724e020fa4997a1412586b1baf7172b07b47a22ba268f
- SHA512
  
  b5c57cf372dd6eaac48ed232235cd2e54042d2ddbf8be4a9d9fbb5768eb4375020f6a24a2d86a85e5407a9cf93b345f31ceff818c0792c8f414356da7c5feb14
- SSDEEP
  
  192:RnxzjwsWskaDanX6JENuZYhz0h+fcfLBj4mfFW1KEqDudZj3XSBkFyJW5ZxPSi5s:BWskamFsqGhR9jDF9DudZjnugN
Score

1^/10
behavioral2
- Target
  
  shell-bot/cfs
- Size
  
  61KB
- MD5
  
  ae06aeeeca8b36a3cc2daca5db6ffd79
- SHA1
  
  1dd65107062d113b36a99d68c8e4c0c326d705b3
- SHA256
  
  0f2bf625544e5a5c862e1397776be27a62f2deb4e27dabb2391c2b16de2110f7
- SHA512
  
  1a9b2e623e82568c7bfcb652acdd51f4093260101a7fb03f46c441dc16482e636dadfc386b7bf3b5031443eaf9a69fa41ac62b774ef528fa1096a510456eb8da
- SSDEEP
  
  768:ysJEryYUeNMZeZr2H3iFF9J50A8XZqP99pJW3gObz/P:XEr1UeNsc2HEBGBZqNigQ/P
Score

7^/10
- Changes its process name
behavioral3 behavioral4 behavioral5 behavioral6
- Target
  
  shell-bot/ftp-server/Unreal3.2.10.2/.RELEASE.NOTES
- Size
  
  5KB
- MD5
  
  d18b778062e27a20795bbdd6f646eb4d
- SHA1
  
  633252a8be46e2bf279d54420bf2861d2e73ae1d
- SHA256
  
  f3f194e3daf8273ec11a0089104d1bc92457193f2c1ca59fb4bc34ce016e425e
- SHA512
  
  04c55e9bffcd55e4768a87dd975cafc5e4ad1e13b1100542aaf7fd09b66283d65b94ec6fffbbefaae609150e8d0d6366f36d1234be6e241010a8af8b2e426d51
- SSDEEP
  
  96:Koi5NGNEUvAfKWEb6RXqVQZaJ0rp39zJYWTU18kopLhkIPDP6dcpXWMkG8XBlZaM:20z6XvNl5BOoFTPOqXWMkG8xZ
Score

1^/10
behavioral7 behavioral8
- Target
  
  shell-bot/ftp-server/Unreal3.2.10.2/.bugreport.gdb
- Size
  
  2KB
- MD5
  
  31a71de1ebb62d64fe00461650a82c5c
- SHA1
  
  401d681e1dd1c7b4cb57112b90e257cb42d092ac
- SHA256
  
  d4ee94d5f6dd3d271600a4fb47aaadef3730d6af2e12589baa6ed655c4a4a1b3
- SHA512
  
  21800d75fa45a21c180105ce47f7d5a25d132db992d98b03530c2645db145d8577757a9e2b1bd84fb34bf467d8f11d55ea502df933aed15a30ff40010b25b0ea
Score

1^/10
behavioral10 behavioral9
- Target
  
  shell-bot/ftp-server/Unreal3.2.10.2/Changes.old
- Size
  
  160KB
- MD5
  
  2aec8de09952e67b03c65d35955770cd
- SHA1
  
  d3dbaae5f3ef551e3d10802c3b21da394ebd1b07
- SHA256
  
  07e790277d014f6c90281121a8e078a0c7aba37b5f6635cb4743a638b6271198
- SHA512
  
  c6d8c00453784e09ffab24dc2efc7983b5ce582c8bdca1809e3fc506a031907a1810eca4d160d5b9f7ee2872f6d69e285d50d617a74064dad4a7b6731684035f
- SSDEEP
  
  3072:1OdkPnFqcm4K2TlKgzatYlWfHGxrdxNPLdLjgS5fcAdC1T:1Omq94KTkWfkxxtdLjgF5l
Score

1^/10
behavioral11 behavioral12
- Target
  
  shell-bot/ftp-server/Unreal3.2.10.2/Config
- Size
  
  23KB
- MD5
  
  256df7a3136d4d70424b554a45dd2e57
- SHA1
  
  f98f5872f028a30cde9ec8c430dd18227951f3d4
- SHA256
  
  bdde872ca15a023b0bfb60e8ab4b7932dbbbea07f2f8d511f68c342b8c9ef2ed
- SHA512
  
  05aac0134dc25ac7acc18fe1c0709c341f4554e1687c5c82d2fa53d35cb49cef97235dfaebe9b4cd21e903c7b765bb58eecd04beb0dc1ae1804389cdb6949053
- SSDEEP
  
  192:gPDKkNrINXIV5nWH9WxSp5dnn9256gKb/xgFSvbBvwnnJisMtp9J6bOIO1i+zivO:gPDKIkN4V5nemlJ2HJB1fUF4H
Score

3^/10
behavioral13 behavioral14 behavioral15 behavioral16
- Target
  
  shell-bot/ftp-server/Unreal3.2.10.2/GCONV_PATH=./pwnkit.so:.
- Size
  
  26KB
- MD5
  
  57482257f12d62607de51835dfb75613
- SHA1
  
  61ac3e136ac6e6134b56e54350899e34bfb84713
- SHA256
  
  8f23b3d1cfc4e5194f7c1b57f860e3836bce9ad162b41f6473748b415d6ae771
- SHA512
  
  6c341b66ece101c40039cefb026519cbc20fa2840f5db90e31927bffc45c8a817b076fa858dcaec9648dd1030a2eb55af997ac795a71db0ef809eac0953b41f6
- SSDEEP
  
  384:WFBR12cdrGnjzdWhAPFYYaGyOiGmAT1k47FR4NIxiqboP1mw:WrR12cdQpWhAP+YqhGt5k4gAiqbodmw
Score

1^/10
behavioral17
- Target
  
  shell-bot/ftp-server/Unreal3.2.10.2/autogen.sh
- Size
  
  123B
- MD5
  
  136b08737c80b889306b262f32a13a0b
- SHA1
  
  dd3a5c80dd6d9292d6eecb2534e40da721130a5b
- SHA256
  
  351d0e9e6d1bb1857b8ca5558ff19510e356ee6f138f442a4e0955382a97f3d1
- SHA512
  
  8dd6a2e5ed77deb28a0a043dc9506250a5380614a3d644422ea19c024946202078271b85ebe563aca37d55325dd0fbf0343aee5afda8bf1e9b3aeefa4d344d7e
Score

1^/10
behavioral18 behavioral19 behavioral20 behavioral21
- Target
  
  shell-bot/ftp-server/Unreal3.2.10.2/config.status
- Size
  
  30KB
- MD5
  
  ca82dc5136ff1275cf68bbb1de152343
- SHA1
  
  c2512e6fc9563a7585f68c994bf76c35802d5343
- SHA256
  
  13aea7cf16b42ba877bba5b72dcab7eebaebf1444cb7b2120bf73bfd9bcc4a36
- SHA512
  
  e32e5e90d2b3320d1b9164fa0b9541cd87c3bf80ff7a1a8461418940a99985900b2381e1efb607c55b0d6f22c324eb4921d8ca187c33d351693d253cfa77269e
- SSDEEP
  
  768:zx9sUAthRp+Wy9bjpnXWIOjV/NNa6JJsgUqR:zx9sXthRi9/szjV/FJJsgUqR
Score

1^/10
behavioral22 behavioral23
- Target
  
  shell-bot/ftp-server/Unreal3.2.10.2/configure
- Size
  
  225KB
- MD5
  
  00e7b0623a9f110fee203a71060ef77d
- SHA1
  
  03c2a263d4be56c4760ad5eb618f0c10d64f7f08
- SHA256
  
  3b80fce8538daa5619693f99b17dbca96617597eecc431d4117fee57063d9191
- SHA512
  
  9ef7bcfaf39f96530ff59233e73d9a7682374f3348bddd73efcbf34faae796ae2e772289ba3ab429c30b2d3b3606551a523cb2197ed10c4560ffcefe0f426e5f
- SSDEEP
  
  6144:3x9sXthkMmj4C4oRppnQ8QPTxoToVf8/8HdC2WctEUrh+B8Q+pDK6TvKlBziCQGJ:7XGD118
Score

1^/10
behavioral24 behavioral25
- Target
  
  shell-bot/ftp-server/Unreal3.2.10.2/createchangelog
- Size
  
  543B
- MD5
  
  7ddf6ce541962e849723a39a0f60c7a2
- SHA1
  
  f0ea9e9513d9137bc0deb38ca5bb60d89d68344e
- SHA256
  
  53368243908f04c836b60e3acaf6575d25ddaec4e71c6ac3e963e35b6693b45d
- SHA512
  
  f85c66c11efe48e22798c783dc008676bf029d3c41a99a96e96b0d115376f8b55b1a1128adbac1d2088dbfa3c90dd053e0a51779dc96470cb9335fc1cf175365
Score

3^/10
behavioral26 behavioral27 behavioral28 behavioral29
- Target
  
  shell-bot/ftp-server/Unreal3.2.10.2/curlinstall
- Size
  
  1KB
- MD5
  
  5d78aaf352151e46568b71cac299db27
- SHA1
  
  21905e694605ef540f8274656c3c34e43dc281ed
- SHA256
  
  fa8d254f4987e0494e59ad0c33e9d3575b388b5dc341830a0ba61bd94bfc6aa1
- SHA512
  
  eb1925e4e00e3bbd02a7c28aac9b4fdf53834270090481e0c8ab5bc9f7d6673432c9c29a44525c74b4fcbd0566998a2b9a45e22853f2f8a5cd90297935f6a619
Score

1^/10
behavioral30 behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Hijack Execution Flow

Scheduled Task/Job

Privilege Escalation

Hijack Execution Flow

Scheduled Task/Job

Defense Evasion

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32