xmrig_linux | f5462666cfd610336545233aba5f6014699d4b07829c856d0b99956075f7331b | Triage

Submit
Reports

Overview

overview

Static

static

1

a.sh

ubuntu-18.04-amd64

Resubmissions

09-09-2024 17:01

240909-vjrada1gmd 10

24-01-2024 21:55

240124-1srkdsaadr 10

Sharing

General

Target

a.sh
Size

6KB
Sample

240909-vjrada1gmd
MD5

e97dee2d99e3bd5150abdfb488aafeb8
SHA1

8a9b089a194b383b2202457afa1e0b3ec8fc4d3f
SHA256

f5462666cfd610336545233aba5f6014699d4b07829c856d0b99956075f7331b
SHA512

1d572bc3c7642ea007d441865c879ce4037848210a5194ea1bf262af22e9b84e674c067138531672758e2fbf7a53e82820502736827366d4688180c1f6bcfa25
SSDEEP

192:mRoo5wsIGV7DDf6jlpTWg3vMGQit/3PCd/8PY3+R3YB:mao5wgV7DDf6jlpTWg3vMGQit/3PCd//

Score

10^/10

xmrig_linux defense_evasion discovery evasion linux miner privilege_escalation rootkit

Static task

static1

Behavioral task

behavioral1

Sample

a.sh

Resource

ubuntu1804-amd64-20240611-en

xmrig_linux defense_evasion discovery evasion miner privilege_escalation rootkit

ubuntu-18.04-amd64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  a.sh
- Size
  
  6KB
- MD5
  
  e97dee2d99e3bd5150abdfb488aafeb8
- SHA1
  
  8a9b089a194b383b2202457afa1e0b3ec8fc4d3f
- SHA256
  
  f5462666cfd610336545233aba5f6014699d4b07829c856d0b99956075f7331b
- SHA512
  
  1d572bc3c7642ea007d441865c879ce4037848210a5194ea1bf262af22e9b84e674c067138531672758e2fbf7a53e82820502736827366d4688180c1f6bcfa25
- SSDEEP
  
  192:mRoo5wsIGV7DDf6jlpTWg3vMGQit/3PCd/8PY3+R3YB:mao5wgV7DDf6jlpTWg3vMGQit/3PCd//
Score

10^/10

xmrig_linux defense_evasion discovery evasion miner privilege_escalation rootkit
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig_linux
- Deletes system logs
  Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.
  evasion
- Flushes firewall rules
  Flushes/ disables firewall rules inside the Linux kernel.
- Loads a kernel module
  Loads a Linux kernel module, potentially to achieve persistence
  rootkit
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
  Abuse sudo or cached sudo credentials to execute code.
  privilege_escalation defense_evasion
- Disables AppArmor
  Disables AppArmor security module.
- Disables SELinux
  Disables SELinux security module.
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Sudo and Sudo Caching

Defense Evasion

Abuse Elevation Control Mechanism

Sudo and Sudo Caching

Indicator Removal

Clear Linux or Mac System Logs

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xmrig_linuxdefense_evasiondiscoveryevasionminerprivilege_escalationrootkit

© 2018-2024

Terms | Privacy