General

  • Target

    SecuriteInfo.com.Linux.MinerZS.18234.26199

  • Size

    14.0MB

  • Sample

    240830-qk6z1axckk

  • MD5

    648effa354b3cbaad87b45f48d59c616

  • SHA1

    0194637f1e83c2efc8bcda8d20c446805698c7bc

  • SHA256

    6e25ad03103a1a972b78c642bac09060fa79c460011dc5748cbb433cc459938b

  • SHA512

    7ed0b6abeda6b3682bb94fbce8c5eeddf6206db23a87c11d606ea2f84a7606420ed47290317b5d9cb4d99f5c07943b8a7a548671d4c73106d6fbd48cd37bc146

  • SSDEEP

    98304:zpU9MTfASNlnewCIoxAlfVG9bnY+Zx+A:zG9GfASNlnewChxAxVWbY

Malware Config

Targets

    • Target

      SecuriteInfo.com.Linux.MinerZS.18234.26199

    • Size

      14.0MB

    • MD5

      648effa354b3cbaad87b45f48d59c616

    • SHA1

      0194637f1e83c2efc8bcda8d20c446805698c7bc

    • SHA256

      6e25ad03103a1a972b78c642bac09060fa79c460011dc5748cbb433cc459938b

    • SHA512

      7ed0b6abeda6b3682bb94fbce8c5eeddf6206db23a87c11d606ea2f84a7606420ed47290317b5d9cb4d99f5c07943b8a7a548671d4c73106d6fbd48cd37bc146

    • SSDEEP

      98304:zpU9MTfASNlnewCIoxAlfVG9bnY+Zx+A:zG9GfASNlnewChxAxVWbY

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • XMRig Miner payload

    • Executes dropped EXE

    • Checks hardware identifiers (DMI)

      Checks DMI information which indicate if the system is a virtual machine.

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Reads hardware information

      Accesses system info like serial numbers, manufacturer names etc.

    • Reads list of loaded kernel modules

      Reads the list of currently loaded kernel modules, possibly to detect virtual environments.

MITRE ATT&CK Enterprise v15

Tasks