Overview

overview

10

Static

static

1

start.sh

debian-12-armhf

1

start.sh

debian-12-mipsel

3

start.sh

debian-9-armhf

10

start.sh

debian-9-mips

10

start.sh

debian-9-mipsel

10

start.sh

ubuntu-18.04-amd64

10

start.sh

ubuntu-20.04-amd64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    start.sh

  • Size

    573B

  • Sample

    240320-1al7ysbe36

  • MD5

    badbf4901e27cdee108f6ea8ba30837e

  • SHA1

    e8f20bcae4ce68b777f43718b12125aa0cfdf6d8

  • SHA256

    e3a24865935df812072d57a87e460d5cbe1f5f45d6fb0f470f3182f55669e6bb

  • SHA512

    6a5e729fdad612340e1e2d4b347ada7c372db6c015b90fa126b50c74b6d356c619c3e9243b0b83fa1fc0eaf818b571afcd75fd9af34303c411c0d755353d5831

Score
10/10
xmrigxmrig_linuxantivmlinuxminerrootkit

Malware Config

Targets

    • Target

      start.sh

    • Size

      573B

    • MD5

      badbf4901e27cdee108f6ea8ba30837e

    • SHA1

      e8f20bcae4ce68b777f43718b12125aa0cfdf6d8

    • SHA256

      e3a24865935df812072d57a87e460d5cbe1f5f45d6fb0f470f3182f55669e6bb

    • SHA512

      6a5e729fdad612340e1e2d4b347ada7c372db6c015b90fa126b50c74b6d356c619c3e9243b0b83fa1fc0eaf818b571afcd75fd9af34303c411c0d755353d5831

    Score
    10/10
    xmrig_linuxminerxmrigantivmrootkit

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig_linux

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Executes dropped EXE

    • Loads a kernel module

      Loads a Linux kernel module, potentially to achieve persistence

      rootkit

    • Checks CPU configuration

      Checks CPU information which indicate if the system is a virtual machine.

      antivm

    • Checks hardware identifiers (DMI)

      Checks DMI information which indicate if the system is a virtual machine.

      antivm

    • Reads CPU attributes

    • Reads hardware information

      Accesses system info like serial numbers, manufacturer names etc.

    behavioral1behavioral2behavioral3behavioral4behavioral5behavioral6behavioral7

MITRE ATT&CK Enterprise v15

Tasks