General
-
Target
8dad514c01ce5564c635629f624bb0818fbd27d030bf74027b394b0ca8f673cd.elf
-
Size
1.8MB
-
Sample
240215-f4s75sae23
-
MD5
a0eb024cb13b9c02849ba0729f2e5b1b
-
SHA1
0f6eab3f3cfe650f138b03a9b21a325846f99181
-
SHA256
8dad514c01ce5564c635629f624bb0818fbd27d030bf74027b394b0ca8f673cd
-
SHA512
fe518d237e9fbbc88cb7ea7ea1c054fd80ab5e22b3251a77d17ad72e94a0b8a42031f52d13322c5d8e7325b27a2caed7b9b999676122e27ea35cf81852bed82a
-
SSDEEP
24576:XkPzFlYrTt2yK76bDStavvPdRWJ8XVxHUukz7bCquzozHvKI9U04C4Lf3Hf8OO9d:IxleJ2yaauGXGfiaHCIKU/Aw
Behavioral task
behavioral1
Sample
8dad514c01ce5564c635629f624bb0818fbd27d030bf74027b394b0ca8f673cd.elf
Resource
ubuntu1804-amd64-20231222-en
Malware Config
Targets
-
Contacts a large (3802837) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
XMRig Miner payload
-
Checks CPU configuration
Checks CPU information, which can indicate whether the system is a virtual machine.
-
Checks hardware identifiers (DMI)
Checks DMI information, which can indicate whether the system is a virtual machine.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Enumerates running processes
Discovers information about currently running processes on the system.
-
Reads CPU attributes
-
Reads hardware information
Accesses system information such as serial numbers and manufacturer names.
-