xmrig | 0f681d1319f07c6f236917cd6056d15c3c02ac5c02d7b4b2203015164bff6978 | Triage

Sharing

General

Target

php.tar.gz
Size

2.9MB
Sample

231121-taqf2sgb41
MD5

c05652d0255f62c33bb9e98b3424245b
SHA1

d83719fdde58dd392e9c154d41beccb0b57def4d
SHA256

0f681d1319f07c6f236917cd6056d15c3c02ac5c02d7b4b2203015164bff6978
SHA512

9db451a56cea4b1855f46f69d410e49b454be30c1dbc63a6401a6a34a26032fcc540e20d8e0de3370ef048038fb5c1021013a0254dfaea6a6fff078c64e028a0
SSDEEP

49152:dxsa5TNlGxp1AK9D6ysILkhdkOElJLMUgNUsZ2+zQLj6Sr3P7D86O/G777kS7WF/:dxQp1tOkOEjKNUa2+zQLuSbJO/buKwV0

Score

10^/10

xmrig antivm linux miner rootkit

Malware Config

Targets

- Target
  
  sample
- Size
  
  6.7MB
- MD5
  
  2ef83945d2afda1738f7ee57633c0e13
- SHA1
  
  04ab3bfb947c68e28ec232a1e68e2c9ef91f16b4
- SHA256
  
  9b59de678dc5976617d3858d17b502faa005dc74ec468de3405b3c06fe26b610
- SHA512
  
  92d4a5094a44bd39c327089f079182ab2f319362527de69fe8dd5112afbe9a602636a836f13600b51a7f5ec55453627ccefd882b6cc52ca0992f5daad5f3a10d
- SSDEEP
  
  196608:qGyx2Z/ccFGeLoC0Sbg7X+WloiMbqRoQ6:qsioQ6
Score

3^/10
behavioral1 behavioral2
- Target
  
  config.json
- Size
  
  2KB
- MD5
  
  d06a009c3e52ab714532771de43609f3
- SHA1
  
  bc8d2890666d3e82d38f231b3f64a8be2120e347
- SHA256
  
  35afe0c53bb71cc551eba0939bf83384c0ae20b47011d30dc48679313b2ca8d9
- SHA512
  
  e08b3c92ad4453e76ffcbb505eb3baefac1ae32b74b255b591d25983a5e59faad19a83f282d036e0d3107786f31358da1b800b257c49296cb4ee2842fe623db0
Score

3^/10
behavioral3 behavioral4
- Target
  
  php
- Size
  
  6.7MB
- MD5
  
  199b790d05724170f3e6583500799db1
- SHA1
  
  c0cab89a9dc3eb30f99d3577ffd82defda7dd03b
- SHA256
  
  20a0864cb7dac55c184bd86e45a6e0acbd4bb19aa29840b824d369de710b6152
- SHA512
  
  19e3d5a7ad43f89bda7303243bfa24ef0a91a2d6e1f2ec65a92cc5b13863ff45feddfd4141c0fec9148f30fd5a2fee5740eae237d03fe5f1c38de2e6b231ab1d
- SSDEEP
  
  196608:mGyx2Z/ccFGeLoC0Sbg7X+WloiMbqRoQ6:msioQ6
Score

7^/10

antivm rootkit
- Loads a kernel module
  Loads a Linux kernel module, potentially to achieve persistence
  rootkit
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Checks hardware identifiers (DMI)
  Checks DMI information which indicate if the system is a virtual machine.
  antivm
- Reads CPU attributes
- Reads hardware information
  Accesses system info like serial numbers, manufacturer names etc.
behavioral5

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5