xmrig_linux | 0aa920ecef233dce94895ad1e258fa70855fbac8596d862e9a8266bb600c2a78 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

0aa920ecef...0c2a78

ubuntu-18.04-amd64

Sharing

General

Target

0aa920ecef233dce94895ad1e258fa70855fbac8596d862e9a8266bb600c2a78
Size

32KB
Sample

240509-hae5jahc78
MD5

2aee6dc8e5f8a6aeef78bd93cdbcd9b4
SHA1

98e3b6ce5b05a97a2b6c77a88f61f1a1f3d891f4
SHA256

0aa920ecef233dce94895ad1e258fa70855fbac8596d862e9a8266bb600c2a78
SHA512

de16183d16974d531fb123fb1c4065b7668cd554cf6ef48588d970e0562440164b9bc55dbe64c424ebf5798c2513d75d6dcaf8fa72d5ffa902ec7c7202e71531
SSDEEP

768:Dycp0iv+wlXrvIH+tBl+fnN5FRS2R/tX/NU38QV:m5ANmH+tB47DnRha38QV

Score

10^/10

xmrig_linux evasion linux miner rootkit

Static task

static1

Behavioral task

behavioral1

Sample

0aa920ecef233dce94895ad1e258fa70855fbac8596d862e9a8266bb600c2a78

Resource

ubuntu1804-amd64-20240508-en

xmrig_linux evasion miner rootkit

ubuntu-18.04-amd64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  0aa920ecef233dce94895ad1e258fa70855fbac8596d862e9a8266bb600c2a78
- Size
  
  32KB
- MD5
  
  2aee6dc8e5f8a6aeef78bd93cdbcd9b4
- SHA1
  
  98e3b6ce5b05a97a2b6c77a88f61f1a1f3d891f4
- SHA256
  
  0aa920ecef233dce94895ad1e258fa70855fbac8596d862e9a8266bb600c2a78
- SHA512
  
  de16183d16974d531fb123fb1c4065b7668cd554cf6ef48588d970e0562440164b9bc55dbe64c424ebf5798c2513d75d6dcaf8fa72d5ffa902ec7c7202e71531
- SSDEEP
  
  768:Dycp0iv+wlXrvIH+tBl+fnN5FRS2R/tX/NU38QV:m5ANmH+tB47DnRha38QV
Score

10^/10

xmrig_linux evasion miner rootkit
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig_linux
- Deletes system logs
  Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.
  evasion
- Loads a kernel module
  Loads a Linux kernel module, potentially to achieve persistence
  rootkit
- Deletes log files
  Deletes log files on the system.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Reads list of loaded kernel modules
  Reads the list of currently loaded kernel modules, possibly to detect virtual environments.
  evasion
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

Virtualization/Sandbox Evasion

Credential Access

Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xmrig_linuxevasionminerrootkit

© 2018-2025

Terms | Privacy