xmrig_linux | 41984175828aee7ed699b0640207b790098e69008b3842734f5dcc3478a77b84

General

Target

02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
Size

7.9MB
MD5

b5b96a1bec4829501b85e6fe1c5044f5
SHA1

eae582a56f3403a2856d4a4f3b25f7f309f06ffc
SHA256

02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
SHA512

f57c6d37f6c35eaf0f30a1622ae6da164b93cd056741d99e88acd841a5467474f391542dc0c6ec64b715e77759943fbebdab8dc348f0e42dfe90967380fcce12
SSDEEP

98304:7+aLMsS4uGQp2Za8w/uk0zX0qme09CQD9VOe21gPEGbYV6MUtCqlXAiO7+PSFpyJ:hoGQp7XbYofXdZsNcS2DZLAGmU5

Score

10^/10

xmrig_linux antivm miner

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig_linux

Checks hardware identifiers (DMI) 1 TTPs 4 IoCs

Checks DMI information which indicate if the system is a virtual machine.

antivm

Virtualization/Sandbox Evasion

T1497

Processes:

02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5

description	ioc	process
File opened for reading	/sys/devices/virtual/dmi/id/product_name	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/virtual/dmi/id/board_vendor	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/virtual/dmi/id/bios_vendor	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/virtual/dmi/id/sys_vendor	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5

Reads hardware information 1 TTPs 14 IoCs

Accesses system info like serial numbers, manufacturer names etc.

System Information Discovery

T1082

Processes:

02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5

description	ioc	process
File opened for reading	/sys/devices/virtual/dmi/id/board_version	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/virtual/dmi/id/board_serial	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/virtual/dmi/id/board_asset_tag	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/virtual/dmi/id/chassis_vendor	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/virtual/dmi/id/chassis_serial	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/virtual/dmi/id/bios_version	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/virtual/dmi/id/board_name	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/virtual/dmi/id/product_serial	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/virtual/dmi/id/chassis_version	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/virtual/dmi/id/bios_date	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/virtual/dmi/id/product_version	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/virtual/dmi/id/chassis_type	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/virtual/dmi/id/chassis_asset_tag	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/virtual/dmi/id/product_uuid	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5

Checks CPU configuration 1 TTPs 1 IoCs
Checks CPU information which indicate if the system is a virtual machine.
antivm

Virtualization/Sandbox Evasion
T1497

Processes:

02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5

description ioc process

File opened for reading /proc/cpuinfo 02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5

description	ioc	process
File opened for reading	/proc/cpuinfo	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5

Reads CPU attributes 1 TTPs 45 IoCs

System Information Discovery

T1082

Processes:

02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5

description	ioc	process
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index2/shared_cpu_map	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index2/id	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index3/shared_cpu_map	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index3/number_of_sets	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index3/physical_line_partition	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/system/cpu/cpu0/cpu_capacity	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index7/shared_cpu_map	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index8/shared_cpu_map	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/system/cpu/online	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/system/cpu/cpu0/topology/physical_package_id	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index0/coherency_line_size	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index1/shared_cpu_map	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index1/level	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index5/shared_cpu_map	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/system/cpu/possible	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index6/shared_cpu_map	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/system/cpu/cpu0/topology/core_cpus	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/system/cpu/cpu0/topology/package_cpus	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index2/coherency_line_size	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index3/type	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index3/id	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index4/shared_cpu_map	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index0/level	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index0/id	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index0/number_of_sets	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index2/size	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index2/number_of_sets	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/system/cpu/cpu0/cpufreq/base_frequency	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index2/physical_line_partition	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index9/shared_cpu_map	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/system/cpu/cpu0/topology/core_id	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index0/physical_line_partition	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index3/size	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index3/coherency_line_size	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index2/level	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/system/cpu/cpu0/topology/cluster_cpus	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index0/shared_cpu_map	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index0/type	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index0/size	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index1/type	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index1/id	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/system/cpu/cpu0/topology/die_cpus	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index2/type	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index3/level	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5

Enumerates kernel/hardware configuration 1 TTPs 24 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery

T1082

Processes:

02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5

description	ioc	process
File opened for reading	/sys/kernel/mm/hugepages/hugepages-1048576kB/nr_hugepages	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/system/node/node0/hugepages	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/bus/dax/devices	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/system/node/node0/access0/initiators/read_latency	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/kernel/mm/hugepages	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/cpu_atom/cpus	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/cpu_core/cpus	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/system/node/node0/cpumap	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/system/node/node0/meminfo	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/system/node/node0/hugepages/hugepages-1048576kB/nr_hugepages	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/system/node/node0/access1/initiators	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/system/node/node0/access0/initiators/write_bandwidth	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/system/cpu	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/system/node/online	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/virtual/dmi/id	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/fs/cgroup/cgroup.controllers	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/fs/cgroup/cpuset.cpus.effective	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/fs/cgroup/cpuset.mems.effective	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/system/node/node0/hugepages/hugepages-2048kB/nr_hugepages	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/system/node/node0/access0/initiators	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/system/node/node0/access0/initiators/read_bandwidth	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/devices/system/node/node0/access0/initiators/write_latency	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/sys/bus/soc/devices	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5

Reads runtime system information 5 IoCs

Reads data from /proc virtual filesystem.

Processes:

02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5

description	ioc	process
File opened for reading	/proc/cmdline	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/proc/mounts	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/proc/self/cpuset	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/proc/meminfo	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
File opened for reading	/proc/driver/nvidia/gpus	02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5

/tmp/02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
/tmp/02a24a0fcb783ca93fb3420765e4a1bf3f49d233e2cff074549cb2058a1d8ac5
1⤵
- Checks hardware identifiers (DMI)
- Reads hardware information
- Checks CPU configuration
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:2474

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

2

T1497

Credential Access

Discovery

System Information Discovery

3

T1082

Virtualization/Sandbox Evasion

2

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads