General

  • Target

    sample_adb40.7z

  • Size

    7.5MB

  • Sample

    231219-p2pavahdg6

  • MD5

    d691d718adf7e9b74541d64890c440ae

  • SHA1

    dfce6750a8847bdb5e9c918d21ef9e7f0b76f564

  • SHA256

    497b9b887a390fc1d140d53afd34ff368a60f48cae6d205fb5b8a52ce45b4977

  • SHA512

    69b4645ccc9e8bdd1ee78f234d8203a7fac9a86eaf7b29129f1821107f9afbae849cc4f88bc1a0a657d72903fc72ed33ea8320c94ef871937e06447f6ed8415e

  • SSDEEP

    196608:3Spo/hpZd3507zUBQfYu96UCCVEZbj2rsPztL:CKhp/5IUBQfVwjrZbj/ztL

Malware Config

Targets

    • Target

      sample_adb40.7z

    • Score

      1/10

    • Target

      sample_adb40/.configrc5/a/a

    • Size

      2KB

    • MD5

      b067abc476505eea79d2233ee3585626

    • SHA1

      15f7c9af535f4390b14ba03ddb990c732212dde8

    • SHA256

      ed9330e1594e73097dc6c8bf9f157de0d3799171a1967aaa43f9cd8629092f07

    • SHA512

      95211823aadc69ca8145339188cf90094afb28948ec8729fd4e208fdb0bff4fa3a5435574a12c51618c87916e3ecccfa8c4621b4e6f26c8c42ec8dd13a285fab

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • Loads a kernel module

      Loads a Linux kernel module, potentially to achieve persistence.

    • Attempts to change immutable files

      Modifies inode attributes on the filesystem to allow changing of immutable files.

    • Checks CPU configuration

      Checks CPU information that indicates whether the system is a virtual machine.

    • Checks hardware identifiers (DMI)

      Checks DMI information that indicates whether the system is a virtual machine.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Reads CPU attributes

    • Reads hardware information

      Accesses system information such as serial numbers and manufacturer names.

    • Target

      sample_adb40/.configrc5/a/bash.pid

    • Size

      5B

    • MD5

      7ec575242073388108c77ae12c5da3e3

    • SHA1

      b5826e72e96b9c261a005fc13056ea01ccc39aaf

    • SHA256

      5e92818aed32b4c391320b04b6184c9c170b829e86a2feda6dd6fa7fd9a8de12

    • SHA512

      ab496ae8d0b57caf071505a965549a34f8a3ff6d0c9603d91f40166eda0f10a15f1a79f6a4193752f37d5e41c3dd4bdf276c19ec9d1f15cc2c90c0032d72c259

    • Score

      1/10

    • Target

      sample_adb40/.configrc5/a/cert.pem

    • Size

      964B

    • MD5

      f105826f39228e6e3ba7d12c91e28f7a

    • SHA1

      444d726ae77a7344f3628ef62a6452c67e040ce6

    • SHA256

      1caaf56f0962dd8e9830f44d7b46583cb459aac8cf21330c6bc84b4eab58978d

    • SHA512

      e72d6c1189215fc74eb498dbd62c327da2f3506fa15c07691a350e67ada7661620500b72ef4f0116dd153dc2d88a1ecc061e438c16c4d1840f25191d64239a4d

    • Score

      1/10

    • Target

      sample_adb40/.configrc5/a/cert_key.pem

    • Size

      1KB

    • MD5

      d0b1705e475d4d502f1e850cb781e547

    • SHA1

      75ad273f70679b8a1cb745aa8ca07ee9794c2fdf

    • SHA256

      14312500855eb378b38f1bd71b0b71f10fe69006a5af03231f950d2caaee480e

    • SHA512

      b1eadb0ed1e2a080c5b019c31c04b1cabfdb073b9a2eae8e59957667916c039ab4bfb53057d3b53890e7c8a07c209aff2583e78ebda314c0d2fd5649313cf756

    • Score

      1/10

    • Target

      sample_adb40/.configrc5/a/dir.dir

    • Size

      24B

    • MD5

      aee2a2038ef246a587d0fe10de59d13a

    • SHA1

      505462b064d9ec78139175a48e5fc2fc5446d1eb

    • SHA256

      ff568e7064bb91ae44e324f8ef66b9338fbf0319e851c77d63dd2ffc9d8112d3

    • SHA512

      2c10d2b068f04889fa00306656fca4faa8fbab8ec23a355d2c2316a616f829ca485ccb71689e22fb653d9f78e02ff800b77b93c673755e0ef3a6fbc8acaf14a2

    • Score

      1/10

    • Target

      sample_adb40/.configrc5/a/kswapd0

    • Size

      2.1MB

    • MD5

      3b928d87be14aa661b14bb1c29636650

    • SHA1

      f2b4bc2244ea8596a2a2a041308aa75088b6bbd5

    • SHA256

      083e706194a92aa96825007dbcbaff4f64a0200c77a70cde17974be6716886e6

    • SHA512

      f98f718fce0a1e6312c96ab74929a8c84cf5b720b0f2a4578e8fadb55d0d002f56f90b092a863fa1f5a99a5441fff583920b0e0e0ff34d28a7166d29446421bc

    • SSDEEP

      49152:sexAtJHwlST44nnsrQTygWfeCD/AWgZYAIFtvXRPiD9mX:seVSTLsOyxD/rgZz4vpiD9mX

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • Loads a kernel module

      Loads a Linux kernel module, potentially to achieve persistence.

    • Attempts to change immutable files

      Modifies inode attributes on the filesystem to allow changing of immutable files.

    • Checks CPU configuration

      Checks CPU information that indicates whether the system is a virtual machine.

    • Checks hardware identifiers (DMI)

      Checks DMI information that indicates whether the system is a virtual machine.

    • Reads CPU attributes

    • Reads hardware information

      Accesses system information such as serial numbers and manufacturer names.

    • Target

      sample_adb40/.configrc5/a/run

    • Size

      338B

    • MD5

      9bcff13551c63e04a424343495971817

    • SHA1

      106db7e02d7059e59ed973c5ffd86ef0dba0a889

    • SHA256

      4077db2b73dbb05295692fd720de61ad5faf345b513cf671bb301265d327ed41

    • SHA512

      da6921da5d88ba26b70cb73bd5633a13ca24564e7523f3d212cfcb9387191202e7b01a27152062fe7ead561f7a48246ffa5051d972036378c1294ac3a3c80a73

    • Score

      3/10

    • Target

      sample_adb40/.configrc5/a/stop

    • Size

      703B

    • MD5

      ff77f6a6f72a80258f484c99fdeb4626

    • SHA1

      36aa94b0ca1ced83d1a24f954f7e2113727797ef

    • SHA256

      d3bf59b23ca07761b6a13739894fec5516a47e388ea3cae9f54a076c0be81c54

    • SHA512

      4f18f5e91f2c791b27d5121a852f7457ba6c3e5193b510868dc412325978a96a60b303c0c1713fc13856c8827a39ee1c0476fb19b397f59a474e13b0896c003d

    • Score

      10/10

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • Attempts to change immutable files

      Modifies inode attributes on the filesystem to allow changing of immutable files.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Reads CPU attributes

MITRE ATT&CK Enterprise v15

Tasks

  Task          Tags                            Score
  static1       upx                             7/10
  behavioral1                                   1/10
  behavioral2                                   1/10
  behavioral3                                   1/10
  behavioral4                                   1/10
  behavioral5   xmrig_linuxantivmminerrootkit   10/10
  behavioral6   xmrig_linuxantivmminer          10/10
  behavioral7                                   1/10
  behavioral8   xmrig_linuxantivmminer          10/10
  behavioral9                                   1/10
  behavioral10                                  1/10
  behavioral11                                  1/10
  behavioral12                                  1/10
  behavioral13                                  1/10
  behavioral14                                  1/10
  behavioral15                                  1/10
  behavioral16                                  1/10
  behavioral17                                  1/10
  behavioral18                                  1/10
  behavioral19                                  1/10
  behavioral20                                  1/10
  behavioral21                                  1/10
  behavioral22                                  1/10
  behavioral23                                  1/10
  behavioral24                                  1/10
  behavioral25  xmrig_linuxantivmminerrootkit   10/10
  behavioral26                                  3/10
  behavioral27                                  3/10
  behavioral28                                  3/10
  behavioral29                                  1/10
  behavioral30  xmrig_linuxminer                10/10
  behavioral31                                  1/10
  behavioral32  xmrig_linuxminer                10/10