General

  • Target

    SecuriteInfo.com.PUA.Tool.Linux.BtcMine.9999.10415.27092.elf

  • Size

    1.1MB

  • Sample

    240901-rnzwjatdlb

  • MD5

    f6d190c69bff0fee4414a20101267b20

  • SHA1

    df6828149d527b84a7b0dcb565aac13819897fc8

  • SHA256

    e86081329173be1acc1486a47cee17c9c7b78c50928e7bb9e05a86f1c040a746

  • SHA512

    08ad1085153f04503cdf19634426fc3631e956936b2f97e5f1bca42bb0554d689db120a2f81f56fcc85929fa255daca106dc4766d8c5769b06a873182fcf444b

  • SSDEEP

    24576:esizaUcBZ1E8noALGP5XrRX5SIAPfotseGi7e7lovJOEk/ZFzl:eVzaUd8nodBXrRXXAPgtlGHGvJGl

Malware Config

Targets

    • Target

      SecuriteInfo.com.PUA.Tool.Linux.BtcMine.9999.10415.27092.elf

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • Contacts a large number (354257) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • XMRig Miner payload

    • Unexpected DNS network traffic destination

      Traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Creates/modifies cron job

      cron runs tasks on a schedule and is commonly abused for malware persistence.

    • Enumerates running processes

      Discovers information about the processes currently running on the system.
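The three network signatures above (many distinct remote hosts, many flows, DNS-port traffic to a resolver that is not the configured one) can be replayed over any flow capture. The script below is an added example and is not part of the sandbox report or of the sample's code; the flow records it parses are constructed (documentation address ranges, a synthetic one-connection-per-host sweep of 10.20.0.0/16 on tcp/22) and the thresholds of 1000 hosts and 1000 flows are assumptions, not the sandbox's own values.

```python
"""Replay the 'large number of remote hosts', 'large number of network flows' and
'unexpected DNS destination' signatures over flow records.

Added example: the flow lines and the thresholds are constructed assumptions,
not data from the sandbox run described in the report.
"""
import ipaddress
from collections import Counter, defaultdict
from dataclasses import dataclass
from itertools import islice


@dataclass(frozen=True)
class Flow:
    proto: str       # "tcp" or "udp"
    dst_ip: str
    dst_port: int


def parse_flows(lines):
    """Parse constructed 'proto src_ip:port > dst_ip:port' lines into Flow records."""
    flows = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        proto, _src, _arrow, dst = line.split()
        dst_ip, dst_port = dst.rsplit(":", 1)
        flows.append(Flow(proto.lower(), dst_ip, int(dst_port)))
    return flows


def triage(flows, configured_dns, host_threshold=1000, flow_threshold=1000):
    """Return counts plus findings phrased like the report's signatures.

    configured_dns: the resolver addresses the host is supposed to use.
    host_threshold / flow_threshold: assumed cut-offs for the 'large number' signatures.
    """
    hosts_by_port = defaultdict(set)
    remote_hosts = set()
    unexpected_dns = set()
    for f in flows:
        addr = ipaddress.ip_address(f.dst_ip)
        if addr.is_loopback or addr.is_multicast or addr.is_link_local:
            continue
        remote_hosts.add(f.dst_ip)
        hosts_by_port[f.dst_port].add(f.dst_ip)
        # Anything on port 53 that is not the configured resolver is suspicious:
        # tunnelling, a hard-coded resolver, or a scan that happens to hit 53.
        if f.dst_port == 53 and f.dst_ip not in configured_dns:
            unexpected_dns.add(f.dst_ip)

    # A scan shows up as one port reached on many distinct hosts.
    top_port, top_hosts = max(
        ((p, len(h)) for p, h in hosts_by_port.items()), key=lambda t: t[1]
    )
    findings = []
    if len(remote_hosts) >= host_threshold:
        findings.append(f"Contacts a large ({len(remote_hosts)}) number of remote hosts")
    if len(flows) >= flow_threshold:
        findings.append(f"Creates a large ({len(flows)}) number of network flows")
    if top_hosts >= host_threshold:
        findings.append(f"Single port {top_port} reached on {top_hosts} hosts (scan pattern)")
    if unexpected_dns:
        findings.append("Unexpected DNS network traffic destination: "
                        + ", ".join(sorted(unexpected_dns)))
    return {
        "flows": len(flows),
        "distinct_hosts": len(remote_hosts),
        "top_port": (top_port, top_hosts),
        "unexpected_dns": sorted(unexpected_dns),
        "findings": findings,
    }


def constructed_sample():
    """Constructed flow log: a tcp/22 sweep plus DNS and one pool-like connection."""
    lines = ["# constructed flow log, format: proto src > dst"]
    sweep = islice(ipaddress.ip_network("10.20.0.0/16").hosts(), 1500)
    lines += [f"tcp 192.168.1.10:41234 > {h}:22" for h in sweep]
    lines += ["udp 192.168.1.10:5353 > 192.168.1.1:53"] * 3        # configured resolver
    lines.append("udp 192.168.1.10:5354 > 203.0.113.7:53")         # not the configured resolver
    lines.append("tcp 192.168.1.10:5355 > 203.0.113.7:53")
    lines.append("tcp 192.168.1.10:5356 > 198.51.100.9:3333")      # pool-style port, constructed
    return lines


if __name__ == "__main__":
    result = triage(parse_flows(constructed_sample()), configured_dns={"192.168.1.1"})
    for line in result["findings"]:
        print(line)
```

Run against a real capture, feed it the resolver addresses from the host's `/etc/resolv.conf` as `configured_dns`; the per-port host count is the part that separates a scan from ordinary high fan-out such as a CDN-heavy browser session.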

MITRE ATT&CK Enterprise v15

Tasks