Analysis

  • max time kernel
    1049s
  • max time network
    1049s
  • platform
    ubuntu-24.04_amd64
  • resource
    ubuntu2404-amd64-20240729-en
  • resource tags

    arch:amd64, arch:i386, image:ubuntu2404-amd64-20240729-en, kernel:6.8.0-31-generic, locale:en-us, os:ubuntu-24.04-amd64, system
  • submitted
    25-08-2024 19:44

General

  • Target

    jxLUbK2

  • Size

    6.8MB

  • MD5

    b1d7193b60e93d293689e2303cf332c9

  • SHA1

    471d23ab3012e84fd0ff81b74ea2f7c8472de20d

  • SHA256

    f649ad75749bec6ce9cd58073af60687af83a253dbf5806adac6571da0012d04

  • SHA512

    d48309be4919de0048dee291f4d49e63737364e80d873bf6ea516c4d32f5552c9350fa3364c1e1917827f78fce63a9171f735aa1bde27095fc114f1ec01cc6be

  • SSDEEP

    98304:BLgiVSwDwUC2M42EF/nQ3249addaDz+UlSQB:BLgePDwUCoo2ctqUlSQB

Malware Config

Signatures

  • XMRig Miner payload 2 IoCs
  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

  • Executes dropped EXE 1 IoCs
  • Checks hardware identifiers (DMI) 1 TTPs 4 IoCs

    Checks DMI information that indicates whether the system is a virtual machine.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • Reads hardware information 1 TTPs 14 IoCs

    Accesses system information such as serial numbers, manufacturer names, etc.

  • Checks CPU configuration 1 TTPs 1 IoCs

    Checks CPU information that indicates whether the system is a virtual machine.

  • Reads CPU attributes 1 TTPs 45 IoCs
  • Enumerates kernel/hardware configuration 1 TTPs 28 IoCs

    Reads contents of /sys virtual filesystem to enumerate system information.

  • Reads runtime system information 7 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/jxLUbK2
    /tmp/jxLUbK2
    1⤵
    • Enumerates kernel/hardware configuration
    PID:2508
    • /root/Desktop/linuXMRIG/xmrig
      /root/Desktop/linuXMRIG/xmrig -o xmrig.sd1.rostech.dev:6164 -u x -p x -k
      2⤵
      • Executes dropped EXE
      • Checks hardware identifiers (DMI)
      • Reads hardware information
      • Checks CPU configuration
      • Reads CPU attributes
      • Enumerates kernel/hardware configuration
      • Reads runtime system information
      PID:2535

Network

MITRE ATT&CK Enterprise v15

Downloads

  • /root/Desktop/linuXMRIG.zip

    Filesize

    3.4MB

    MD5

    47ee8b3f7380bbe6c91768ac854cbc56

    SHA1

    fae416f5eb1cdf313c6d0ea30939e961151b5d98

    SHA256

    8c130689512fb21e6c8026c888a3a55b28f1d91c0f4e0247fc2ba1bf2b9160b6

    SHA512

    de953b57c1871be766b2f9cad959acc8f5fc4a964bc48b18205eb5b7e2a4361e6b334aa2773283daa5d354ff864941aac20f3718695a8486d7a536853c970abe

  • /root/Desktop/linuXMRIG/SHA256SUMS

    Filesize

    150B

    MD5

    19f1bb08cf8997837b1f738b76ca97e9

    SHA1

    c497499ad539d6ef580c6c932a2633fe820abded

    SHA256

    99ca11102d0994a98a76722b325f3215b30d3b3df3d722a2baebf6f9944566fa

    SHA512

    fbb742f0fa67720e798b493a5e5ba5e72cbdde3c0ea55cfc0704f93ab97c586434a3e029f6e1e3ed655da997649aa8e9caf352018b87457755f75ca1bfe50230

  • /root/Desktop/linuXMRIG/config.json

    Filesize

    2KB

    MD5

    66f38c96a4901e7b345787c447842b3e

    SHA1

    2aa9b4d1bd2edd5d81bd9725e9318edaee67531f

    SHA256

    2b03943244871ca75e44513e4d20470b8f3e0f209d185395de82b447022437ec

    SHA512

    71757fad29d6d2a257362ed28cde9f249cc8a14e646dee666c9029ea97c72de689cdf8ed5cf0365195a6a6831fe77d82efe5e2fa555c6cc5078f1f29ae8dd68f

  • /root/Desktop/linuXMRIG/xmrig

    Filesize

    7.9MB

    MD5

    51f989c19819a0a0625c251df6affe95

    SHA1

    3b27c895b6f9665f9287510207bfcdcb7fe6e059

    SHA256

    fd11982f252c060a1372e81d5be57589647052b56281a5c54975ca22164f7726

    SHA512

    ec8ce7d1960f9ae564d5654a35e2ad108ed900f3f56b38dfe4601be0db49c1a3cd9c643307b72c2bfc0c157d2640a62343cd7377f68d29327104e0e78b4bdfbd