General
Target: de9318c14c1ed0dac6602890e45ef385.bin
Size: 1.8MB
Sample: 231231-ctg6cagga8
MD5: 133781b9a5591df3287e6fd155dcb31e
SHA1: 5d214c01063bc4d6a0de80ad737c291d63c074c8
SHA256: c90378568fd17e6b143212f3d021ecfe3d292a836c2286c44331ff5822b784fa
SHA512: e9f4a9a01b4d272fb9b19dd7c1bb18dcb3b3605abc5e8ca4267b4a1b0a8d75b7697043210fb5ae11b5e3381f031a7a14da0d6ea96adc2ca8363630b94ff33f8d
SSDEEP: 49152:RNOhSiaBkG7tGoDfDJ52qL4L6e6MV8jZMLz+Wfl2l97uEhi0vieY0e:RkQiaBkCjD5C5tGN6+Y2j7vPa5N
Malware Config
Targets
Target: eb609a31f3798e3c754f1f0198c55b5445fdb692969e19521a55f8792758dc2d.elf
Size: 1.8MB
MD5: de9318c14c1ed0dac6602890e45ef385
SHA1: 9b1c40475476b78943b7dcadba2067d3358d7b38
SHA256: eb609a31f3798e3c754f1f0198c55b5445fdb692969e19521a55f8792758dc2d
SHA512: 216775f7be2c0f424b9673a7d602bde315f45b56d79248fe472a985230bd0913d062b67e0be50bd9ee8bcdc9ad71e09d9c92f8a8bb456c031d380f450e36f34f
SSDEEP: 49152:T5pkPvQApg3Fy7m4KLsAVPbjqd+eJAM99:TPkAQ2sMj276MP
-
Contacts a large number (262625) of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large number of network flows
This may indicate a network scan to discover remotely running services.
-
XMRig Miner payload
-
Changes its process name
-
Checks CPU configuration
Checks CPU information that indicates whether the system is a virtual machine.
-
Checks hardware identifiers (DMI)
Checks DMI information that indicates whether the system is a virtual machine.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Enumerates running processes
Discovers information about currently running processes on the system.
-
Reads CPU attributes
-
Reads hardware information
Accesses system information such as serial numbers and manufacturer names.
-