General
-
Target
dbf22aada7e9efa11116411e1d6f18f6ecbb215d53e21d6f769e1869f4e8160b.elf
-
Size
8.7MB
-
Sample
240922-bzqh8swbrc
-
MD5
2352fd3e33ed079446cad48ee044df18
-
SHA1
2c1802e6f3eb067984245b0c23d2f093a93a42cc
-
SHA256
dbf22aada7e9efa11116411e1d6f18f6ecbb215d53e21d6f769e1869f4e8160b
-
SHA512
8a7c06d8db5083300844f8100a8bfeee4e0566b89a4c6791b1bc2b4a12cb55fe12f1d07dfbd972b58944cb2c3f5a0ce24cda554b3a82f07fe031795de290d637
-
SSDEEP
49152:I629tnIbPfVYG2VSLDhZlCcbZeXAGM0R62LP6XmhgeyWZ3Twkj5EgUuEZ/3z7JJP:I6CtuPdYWhZYGGM0RN6Xm2EPVEgq3/L
Malware Config
Targets
-
-
Target
dbf22aada7e9efa11116411e1d6f18f6ecbb215d53e21d6f769e1869f4e8160b.elf
-
Size
8.7MB
-
MD5
2352fd3e33ed079446cad48ee044df18
-
SHA1
2c1802e6f3eb067984245b0c23d2f093a93a42cc
-
SHA256
dbf22aada7e9efa11116411e1d6f18f6ecbb215d53e21d6f769e1869f4e8160b
-
SHA512
8a7c06d8db5083300844f8100a8bfeee4e0566b89a4c6791b1bc2b4a12cb55fe12f1d07dfbd972b58944cb2c3f5a0ce24cda554b3a82f07fe031795de290d637
-
SSDEEP
49152:I629tnIbPfVYG2VSLDhZlCcbZeXAGM0R62LP6XmhgeyWZ3Twkj5EgUuEZ/3z7JJP:I6CtuPdYWhZYGGM0RN6Xm2EPVEgq3/L
Score10/10-
XMRig Miner payload
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
Executes dropped EXE
-
OS Credential Dumping
Adversaries may attempt to dump credentials to use it in password cracking.
-
Abuse Elevation Control Mechanism: Sudo and Sudo Caching
Abuse sudo or cached sudo credentials to execute code.
-
Checks hardware identifiers (DMI)
Checks DMI information which indicate if the system is a virtual machine.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Reads hardware information
Accesses system info like serial numbers, manufacturer names etc.
-
Reads list of loaded kernel modules
Reads the list of currently loaded kernel modules, possibly to detect virtual environments.
-