xmrig | 341824d382550110cffffec8f70af0519ef46f4524536c0489c9a0459f0c4b5a | Triage

Submit
Reports

Overview

overview

Static

static

7

cfbb801884...397ab9

ubuntu-18.04-amd64

Sharing

General

Target

cfbb80188473988925a9d08f4d397ab9
Size

969KB
Sample

231220-scb6rsheap
MD5

cfbb80188473988925a9d08f4d397ab9
SHA1

95996dc888b95a1380efb3e85dd4ad3cd324e960
SHA256

341824d382550110cffffec8f70af0519ef46f4524536c0489c9a0459f0c4b5a
SHA512

4efd90a2ff24719eec4ffaafde0e1aff0aeaf886b706258fe72d22491ddcbca973f0cdaa4a3b9a4207700330300692491e07d050d43eb105ce5e8ea3e0799204
SSDEEP

24576:vyq+SM78dZXOFFokWpUEftS4xk4ZBgVxhHhVHWq4i5Ej5H/g:D+SkgXOL3WSajZBgZ2q75EY

Score

10^/10

xmrig antivm linux miner persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

cfbb80188473988925a9d08f4d397ab9

Resource

ubuntu1804-amd64-20231215-en

xmrig antivm miner persistence

ubuntu-18.04-amd64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  cfbb80188473988925a9d08f4d397ab9
- Size
  
  969KB
- MD5
  
  cfbb80188473988925a9d08f4d397ab9
- SHA1
  
  95996dc888b95a1380efb3e85dd4ad3cd324e960
- SHA256
  
  341824d382550110cffffec8f70af0519ef46f4524536c0489c9a0459f0c4b5a
- SHA512
  
  4efd90a2ff24719eec4ffaafde0e1aff0aeaf886b706258fe72d22491ddcbca973f0cdaa4a3b9a4207700330300692491e07d050d43eb105ce5e8ea3e0799204
- SSDEEP
  
  24576:vyq+SM78dZXOFFokWpUEftS4xk4ZBgVxhHhVHWq4i5Ej5H/g:D+SkgXOL3WSajZBgZ2q75EY
Score

10^/10

xmrig antivm miner persistence
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Checks hardware identifiers (DMI)
  Checks DMI information which indicate if the system is a virtual machine.
  antivm
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
- Enumerates running processes
  Discovers information about currently running processes on the system
- Reads CPU attributes
- Reads hardware information
  Accesses system info like serial numbers, manufacturer names etc.
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

xmrigantivmminerpersistence

© 2018-2024

Terms | Privacy