xmrig | 53c1d970620307475470590f96554f5ebf9da7a7a645533e4af17bbd00156c6f | Triage

Submit
Reports

Overview

overview

Static

static

8c532c75e6...84.elf

ubuntu-18.04-amd64

9

Sharing

General

Target

c4bf5fcf869e339d6f9ea655345298a2.bin
Size

2.0MB
Sample

240606-d7ykxsgf69
MD5

9fdd1fe39f68fb1db9b9b40fdb916cd4
SHA1

7dd4180a7568aad664ce1bac6b3ec673e71dbe05
SHA256

53c1d970620307475470590f96554f5ebf9da7a7a645533e4af17bbd00156c6f
SHA512

9e4850aee13655c820b9a72f39fee61055da8937214a342f9ca1c99580a55f94819921877d2340ae84d382d131a3752ba2a6a5362b870df949417fac6ede6db1
SSDEEP

49152:m57Wln2NfJnxanHsBsg97ecL0otcd/OHnivZVAf6NsLj0zDp:U7S27nxOMBsK26ivZVHsf0z1

Score

10^/10

xmrig antivm discovery linux miner persistence

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

8c532c75e69633f78ddc761d556f162517e36dfcc09196abb371648e9aa52884.elf

Resource

ubuntu1804-amd64-20240508-en

antivm discovery persistence

ubuntu-18.04-amd64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  8c532c75e69633f78ddc761d556f162517e36dfcc09196abb371648e9aa52884.elf
- Size
  
  4.3MB
- MD5
  
  c4bf5fcf869e339d6f9ea655345298a2
- SHA1
  
  e4d0f800040a1418204a7d75378c5772e552a303
- SHA256
  
  8c532c75e69633f78ddc761d556f162517e36dfcc09196abb371648e9aa52884
- SHA512
  
  64cd735d14cc7e61526cf5ff8551c71904dd5bdc706e1f88120677a42fa218b83fa8e47546cfd5c0e6340dab9f33f365192f166d5c41253e995a1258752ace04
- SSDEEP
  
  98304:c6OivwdJL4wiCuu/lF2avoworKDojE+jLN4pJYz6:c6OiGL4zuBoYt88JYz6
Score

9^/10

antivm discovery persistence
- Contacts a large (245700) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Checks hardware identifiers (DMI)
  Checks DMI information which indicate if the system is a virtual machine.
  antivm
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
- Enumerates running processes
  Discovers information about currently running processes on the system
- Reads hardware information
  Accesses system info like serial numbers, manufacturer names etc.
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Network Service Discovery

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

antivmdiscoverypersistence

© 2018-2024

Terms | Privacy