Analysis
max time kernel: 0s
max time network: 3s
platform: ubuntu-20.04_amd64
resource: ubuntu2004-amd64-20240611-en
resource tags: arch:amd64, arch:i386, image:ubuntu2004-amd64-20240611-en, kernel:5.4.0-169-generic, locale:en-us, os:ubuntu-20.04-amd64, system
submitted: 25-07-2024 20:19
Behavioral task: behavioral1
Sample: pc784f
Resource: ubuntu2004-amd64-20240611-en
General
Target: pc784f
Size: 9.0MB
MD5: 08b5cf80f75b199d5b77e7f6de8c7f4c
SHA1: 58f3af800d0020cc6bc4b24574585ed3cc3dc5b3
SHA256: 0d8b23f5f14cd089f852e5fbd597b34e64182c7a05d453b2ed94fae05ab56e97
SHA512: 9600fc5fbdcb89390f2fbbed10c1be7035f860dccd50b15146a0ae8b67f0f5f873b966e1215f6289135e414b149759c16808205d4ca975f11e248e64cdcd3415
SSDEEP: 98304:z5rIcQQQ5x2RPXuk3zX0vdgcUxDOj7G8+vkPExZAvdZgI3qW2/alC6yLdn1iFpfr:tSxmZAHJs1OaNkTdDxp/dIs
Malware Config
Signatures
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
Checks hardware identifiers (DMI) 1 TTPs 4 IoCs
Checks DMI information which indicates if the system is a virtual machine.
description | ioc | Process
File opened for reading | /sys/devices/virtual/dmi/id/product_name | pc784f
File opened for reading | /sys/devices/virtual/dmi/id/board_vendor | pc784f
File opened for reading | /sys/devices/virtual/dmi/id/bios_vendor | pc784f
File opened for reading | /sys/devices/virtual/dmi/id/sys_vendor | pc784f
Reads hardware information 1 TTPs 14 IoCs
Accesses system info like serial numbers, manufacturer names etc.
description | ioc | Process
File opened for reading | /sys/devices/virtual/dmi/id/product_serial | pc784f
File opened for reading | /sys/devices/virtual/dmi/id/board_serial | pc784f
File opened for reading | /sys/devices/virtual/dmi/id/chassis_version | pc784f
File opened for reading | /sys/devices/virtual/dmi/id/bios_version | pc784f
File opened for reading | /sys/devices/virtual/dmi/id/product_version | pc784f
File opened for reading | /sys/devices/virtual/dmi/id/chassis_type | pc784f
File opened for reading | /sys/devices/virtual/dmi/id/chassis_asset_tag | pc784f
File opened for reading | /sys/devices/virtual/dmi/id/product_uuid | pc784f
File opened for reading | /sys/devices/virtual/dmi/id/board_name | pc784f
File opened for reading | /sys/devices/virtual/dmi/id/board_asset_tag | pc784f
File opened for reading | /sys/devices/virtual/dmi/id/chassis_vendor | pc784f
File opened for reading | /sys/devices/virtual/dmi/id/board_version | pc784f
File opened for reading | /sys/devices/virtual/dmi/id/chassis_serial | pc784f
File opened for reading | /sys/devices/virtual/dmi/id/bios_date | pc784f
Checks CPU configuration 1 TTPs 1 IoCs
Checks CPU information which indicates if the system is a virtual machine.
description | ioc | Process
File opened for reading | /proc/cpuinfo | pc784f
Reads CPU attributes 1 TTPs 45 IoCs
description | ioc | Process
File opened for reading | /sys/devices/system/cpu/cpu0/topology/core_id | pc784f
File opened for reading | /sys/devices/system/cpu/cpu0/topology/die_cpus | pc784f
File opened for reading | /sys/devices/system/cpu/cpu0/topology/physical_package_id | pc784f
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index0/type | pc784f
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index0/physical_line_partition | pc784f
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index1/id | pc784f
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index3/size | pc784f
File opened for reading | /sys/devices/system/cpu/cpu0/cpu_capacity | pc784f
File opened for reading | /sys/devices/system/cpu/possible | pc784f
File opened for reading | /sys/devices/system/cpu/cpu0/topology/cluster_cpus | pc784f
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index0/level | pc784f
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index0/size | pc784f
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/size | pc784f
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/physical_line_partition | pc784f
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index3/level | pc784f
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index3/number_of_sets | pc784f
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index8/shared_cpu_map | pc784f
File opened for reading | /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq | pc784f
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index0/coherency_line_size | pc784f
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index0/number_of_sets | pc784f
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index1/type | pc784f
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index3/shared_cpu_map | pc784f
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index3/type | pc784f
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index6/shared_cpu_map | pc784f
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index9/shared_cpu_map | pc784f
File opened for reading | /sys/devices/system/cpu/cpu0/topology/package_cpus | pc784f
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index0/id | pc784f
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index7/shared_cpu_map | pc784f
File opened for reading | /sys/devices/system/cpu/cpu0/topology/core_cpus | pc784f
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index1/shared_cpu_map | pc784f
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/shared_cpu_map | pc784f
File opened for reading | /sys/devices/system/cpu/cpu0/cpufreq/base_frequency | pc784f
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index3/id | pc784f
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index0/shared_cpu_map | pc784f
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index1/level | pc784f
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/coherency_line_size | pc784f
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index3/physical_line_partition | pc784f
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index4/shared_cpu_map | pc784f
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index5/shared_cpu_map | pc784f
File opened for reading | /sys/devices/system/cpu/online | pc784f
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/level | pc784f
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/type | pc784f
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/id | pc784f
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/number_of_sets | pc784f
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index3/coherency_line_size | pc784f
Enumerates kernel/hardware configuration 1 TTPs 22 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
description | ioc | Process
File opened for reading | /sys/devices/system/node/node0/access0/initiators/write_latency | pc784f
File opened for reading | /sys/devices/virtual/dmi/id | pc784f
File opened for reading | /sys/bus/soc/devices | pc784f
File opened for reading | /sys/fs/cgroup/cpuset/cpuset.mems | pc784f
File opened for reading | /sys/devices/system/node/online | pc784f
File opened for reading | /sys/devices/system/node/node0/meminfo | pc784f
File opened for reading | /sys/devices/system/node/node0/access0/initiators/write_bandwidth | pc784f
File opened for reading | /sys/fs/cgroup/cpuset/cpuset.cpus | pc784f
File opened for reading | /sys/devices/system/node/node0/hugepages/hugepages-2048kB/nr_hugepages | pc784f
File opened for reading | /sys/devices/system/node/node0/access0/initiators | pc784f
File opened for reading | /sys/devices/system/node/node0/access0/initiators/read_bandwidth | pc784f
File opened for reading | /sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages | pc784f
File opened for reading | /sys/devices/system/node/node0/cpumap | pc784f
File opened for reading | /sys/devices/system/node/node0/access0/initiators/read_latency | pc784f
File opened for reading | /sys/devices/system/cpu | pc784f
File opened for reading | /sys/devices/cpu_atom/cpus | pc784f
File opened for reading | /sys/devices/cpu_core/cpus | pc784f
File opened for reading | /sys/kernel/mm/hugepages | pc784f
File opened for reading | /sys/fs/cgroup/unified/cgroup.controllers | pc784f
File opened for reading | /sys/devices/system/node/node0/hugepages | pc784f
File opened for reading | /sys/bus/dax/devices | pc784f
File opened for reading | /sys/devices/system/node/node0/access1/initiators | pc784f
Reads runtime system information 5 IoCs
Reads data from /proc virtual filesystem.
description | ioc | Process
File opened for reading | /proc/cmdline | pc784f
File opened for reading | /proc/mounts | pc784f
File opened for reading | /proc/self/cpuset | pc784f
File opened for reading | /proc/meminfo | pc784f
File opened for reading | /proc/driver/nvidia/gpus | pc784f