General
-
Target
4a66d7799c5454f6a5a7d9f0b7e4d198
-
Size
62KB
-
Sample
240108-eqz8vsaghq
-
MD5
4a66d7799c5454f6a5a7d9f0b7e4d198
-
SHA1
5ca124d0ef4f9a57437608d6f6a62997730f929a
-
SHA256
52bf41af1675913ec0b7b5c0e69f5afcf57343322691f8f8bb0da025337d5746
-
SHA512
8a4ab0ceca70a99ad8160ab07f416674cbb738b6ff0ddf922bde66f935673b69a933b77bb14288925b15f32285973e509b674252885792a77e5685cd0987f408
-
SSDEEP
1536:lF2cc2/OdOQvL06oCKBoWdAkKFOmm5air0TIg:lF2ccx5odoW2v47ccyIg
Behavioral task
behavioral1
Sample
4a66d7799c5454f6a5a7d9f0b7e4d198
Resource
ubuntu1804-amd64-20231215-en
Behavioral task
behavioral2
Sample
4a66d7799c5454f6a5a7d9f0b7e4d198
Resource
debian9-armhf-20231222-en
Behavioral task
behavioral3
Sample
4a66d7799c5454f6a5a7d9f0b7e4d198
Resource
debian9-mipsbe-20231215-en
Behavioral task
behavioral4
Sample
4a66d7799c5454f6a5a7d9f0b7e4d198
Resource
debian9-mipsel-20231221-en
Malware Config
Targets
-
-
Target
4a66d7799c5454f6a5a7d9f0b7e4d198
-
Score
10/10
-
Changes its process name
-
Deletes system logs
Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.
-
Executes dropped EXE
-
Flushes firewall rules
Flushes/disables firewall rules inside the Linux kernel.
-
Writes DNS configuration
Writes data to DNS resolver config file.
-
Attempts to change immutable files
Modifies inode attributes on the filesystem to allow changing of immutable files.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Disables AppArmor
Disables AppArmor security module.
-
Disables SELinux
Disables SELinux security module.
-
Enumerates running processes
Discovers information about currently running processes on the system.
-
Reads CPU attributes
-
Write file to user bin folder
-