Overview

overview

10

Static

static

10

xm.gz

windows7-x64

3

xm.gz

windows10-2004-x64

7

sample.tar

windows7-x64

3

sample.tar

windows10-2004-x64

7

aarch64

ubuntu-18.04-amd64

6

create

ubuntu-18.04-amd64

7

create

debian-9-armhf

7

create

debian-9-mips

1

create

debian-9-mipsel

1

hide

ubuntu-18.04-amd64

1

hide.c

windows7-x64

3

hide.c

windows10-2004-x64

3

init

ubuntu-18.04-amd64

3

mining

ubuntu-18.04-amd64

6

mining

debian-9-armhf

6

mining

debian-9-mips

6

mining

debian-9-mipsel

6

mkcfg

ubuntu-18.04-amd64

1

mkcfg

debian-9-armhf

1

mkcfg

debian-9-mips

1

mkcfg

debian-9-mipsel

1

start

ubuntu-18.04-amd64

10

start

debian-9-armhf

1

start

debian-9-mips

1

start

debian-9-mipsel

1

x86_64

ubuntu-18.04-amd64

6

Analysis

  • max time kernel
    4s
  • max time network
    132s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20231215-en
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-20231215-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    20/12/2023, 05:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    start

  • Size

    176B

  • MD5

    fe2ac6ae76a359f127213790c460496f

  • SHA1

    df036a0088e1f418cb6e618fae06cf6282e79452

  • SHA256

    0f1e5ab87d39835c6c28f242e68f7855a57813ef8e3e07091eee4f4d4f7ef78d

  • SHA512

    8e41371af2cca37fff463fa1fff44db1cb462c8bf65f93f0ba0779adcfb4c812e411baf00bd67a2e7c92ddb27d65894bb18e205d6ca0e588c81219ba1b272889

Score
10/10
xmrigminer

Malware Config

Signatures

  • XMRig Miner payload 2 IoCs
    miner
  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/start
    /tmp/start
    1⤵
      PID:1522
      • /bin/uname
        uname -m
        2⤵
          PID:1523
        • /bin/cp
          cp x86_64 mine
          2⤵
          • Reads runtime system information
          • Writes file to tmp directory
          PID:1524
        • /tmp/hide
          ./hide
          2⤵
            PID:1525
        • /tmp/create
          ./create
          1⤵
            PID:1529

          Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • /tmp/mine
            Filesize

            4.6MB

            MD5

            1ba3f6f197a8ddd84cf30e29eed01ae9

            SHA1

            e63b06246de680ac8357fb2d2fb467c630b85dd2

            SHA256

            bbcdffd6fa3b1370dfc091bfd3bfca38be013f72f94af7ef29466d911c9604d8

            SHA512

            818f671bbe14e3b863511fc13fd83bf30fdf6c89240431d96b4d85105d99552c16f3e90ff52f90ce2e1cb3a14df37be6f99203eeb24ff0327245987d3ebeb3a3

            Download Submit