xmrig | 8c532c75e69633f78ddc761d556f162517e36dfcc09196abb371648e9aa52884 | Triage

Submit
Reports

Overview

overview

Static

static

8c532c75e6...84.elf

ubuntu-18.04-amd64

9

Sharing

General

Target

8c532c75e69633f78ddc761d556f162517e36dfcc09196abb371648e9aa52884.elf
Size

4.3MB
Sample

240605-rsd5maae44
MD5

c4bf5fcf869e339d6f9ea655345298a2
SHA1

e4d0f800040a1418204a7d75378c5772e552a303
SHA256

8c532c75e69633f78ddc761d556f162517e36dfcc09196abb371648e9aa52884
SHA512

64cd735d14cc7e61526cf5ff8551c71904dd5bdc706e1f88120677a42fa218b83fa8e47546cfd5c0e6340dab9f33f365192f166d5c41253e995a1258752ace04
SSDEEP

98304:c6OivwdJL4wiCuu/lF2avoworKDojE+jLN4pJYz6:c6OiGL4zuBoYt88JYz6

Score

10^/10

xmrig antivm discovery linux miner persistence

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

8c532c75e69633f78ddc761d556f162517e36dfcc09196abb371648e9aa52884.elf

Resource

ubuntu1804-amd64-20240508-en

antivm discovery persistence

ubuntu-18.04-amd64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  8c532c75e69633f78ddc761d556f162517e36dfcc09196abb371648e9aa52884.elf
- Size
  
  4.3MB
- MD5
  
  c4bf5fcf869e339d6f9ea655345298a2
- SHA1
  
  e4d0f800040a1418204a7d75378c5772e552a303
- SHA256
  
  8c532c75e69633f78ddc761d556f162517e36dfcc09196abb371648e9aa52884
- SHA512
  
  64cd735d14cc7e61526cf5ff8551c71904dd5bdc706e1f88120677a42fa218b83fa8e47546cfd5c0e6340dab9f33f365192f166d5c41253e995a1258752ace04
- SSDEEP
  
  98304:c6OivwdJL4wiCuu/lF2avoworKDojE+jLN4pJYz6:c6OiGL4zuBoYt88JYz6
Score

9^/10

antivm discovery persistence
- Contacts a large (1020898) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Checks hardware identifiers (DMI)
  Checks DMI information which indicate if the system is a virtual machine.
  antivm
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
- Enumerates running processes
  Discovers information about currently running processes on the system
- Reads hardware information
  Accesses system info like serial numbers, manufacturer names etc.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Network Service Discovery

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

antivmdiscoverypersistence

© 2018-2024

Terms | Privacy