General
-
Target
SecuriteInfo.com.Linux.Miner-ZS.18234.26199
-
Size
14.0MB
-
Sample
240830-jvak8aveqk
-
MD5
648effa354b3cbaad87b45f48d59c616
-
SHA1
0194637f1e83c2efc8bcda8d20c446805698c7bc
-
SHA256
6e25ad03103a1a972b78c642bac09060fa79c460011dc5748cbb433cc459938b
-
SHA512
7ed0b6abeda6b3682bb94fbce8c5eeddf6206db23a87c11d606ea2f84a7606420ed47290317b5d9cb4d99f5c07943b8a7a548671d4c73106d6fbd48cd37bc146
-
SSDEEP
98304:zpU9MTfASNlnewCIoxAlfVG9bnY+Zx+A:zG9GfASNlnewChxAxVWbY
Malware Config
Targets
-
-
Target
SecuriteInfo.com.Linux.Miner-ZS.18234.26199
-
Size
14.0MB
-
MD5
648effa354b3cbaad87b45f48d59c616
-
SHA1
0194637f1e83c2efc8bcda8d20c446805698c7bc
-
SHA256
6e25ad03103a1a972b78c642bac09060fa79c460011dc5748cbb433cc459938b
-
SHA512
7ed0b6abeda6b3682bb94fbce8c5eeddf6206db23a87c11d606ea2f84a7606420ed47290317b5d9cb4d99f5c07943b8a7a548671d4c73106d6fbd48cd37bc146
-
SSDEEP
98304:zpU9MTfASNlnewCIoxAlfVG9bnY+Zx+A:zG9GfASNlnewChxAxVWbY
-
XMRig Miner payload
-
Executes dropped EXE
-
Checks hardware identifiers (DMI)
Checks DMI information which indicate if the system is a virtual machine.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads hardware information
Accesses system info like serial numbers, manufacturer names etc.
-
Reads list of loaded kernel modules
Reads the list of currently loaded kernel modules, possibly to detect virtual environments.
-