xmrig_linux | e52646f7cb2886d8a5d4c1a2692a5ab80926e7ce48bdb2362f383c0c6c7223a2 | Triage

Submit
Reports

Overview

overview

Static

static

5

sbin

ubuntu-20.04-amd64

Resubmissions

29-09-2024 11:53

240929-n2mlkstbpq 10

26-11-2020 12:41

201126-yzw2axgdz2 9

Sharing

General

Target

sbin
Size

6.9MB
Sample

240929-n2mlkstbpq
MD5

a2a11ec332dfd8b1b273d62f736c48a3
SHA1

cf0c8bd46ff772954f6a98ec30f804e1b851be12
SHA256

e52646f7cb2886d8a5d4c1a2692a5ab80926e7ce48bdb2362f383c0c6c7223a2
SHA512

e749068691711391496b85bae67a5c2f1a786ca2bd0be1d636d6f52337923d49045b0979afad811f47882bbcb3c162e1303dee92995cede5bf76ec739dfbf6b7
SSDEEP

196608:Ma1o/+3TVBAeKn5On3eOzWbqDIuJcXRsG0OEhmlzG:te+AFn03eOz4qDqsmlK

Score

10^/10

xmrig_linux antivm defense_evasion discovery linux miner privilege_escalation upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

sbin

Resource

ubuntu2004-amd64-20240611-en

xmrig_linux antivm defense_evasion discovery miner privilege_escalation

ubuntu-20.04-amd64

10 signatures

120 seconds

Malware Config

Targets

- Target
  
  sbin
- Size
  
  6.9MB
- MD5
  
  a2a11ec332dfd8b1b273d62f736c48a3
- SHA1
  
  cf0c8bd46ff772954f6a98ec30f804e1b851be12
- SHA256
  
  e52646f7cb2886d8a5d4c1a2692a5ab80926e7ce48bdb2362f383c0c6c7223a2
- SHA512
  
  e749068691711391496b85bae67a5c2f1a786ca2bd0be1d636d6f52337923d49045b0979afad811f47882bbcb3c162e1303dee92995cede5bf76ec739dfbf6b7
- SSDEEP
  
  196608:Ma1o/+3TVBAeKn5On3eOzWbqDIuJcXRsG0OEhmlzG:te+AFn03eOz4qDqsmlK
Score

10^/10

xmrig_linux antivm defense_evasion discovery miner privilege_escalation
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig_linux
- Runs EXE from memory
  Runs an executable from memory, likely to minimize footprint
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
  Abuse sudo or cached sudo credentials to execute code.
  privilege_escalation defense_evasion
- Checks hardware identifiers (DMI)
  Checks DMI information which indicate if the system is a virtual machine.
  antivm
- Reads hardware information
  Accesses system info like serial numbers, manufacturer names etc.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Sudo and Sudo Caching

Defense Evasion

Abuse Elevation Control Mechanism

Sudo and Sudo Caching

Deobfuscate/Decode Files or Information

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

System Information Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xmrig_linuxantivmdefense_evasiondiscoveryminerprivilege_escalation

© 2018-2024

Terms | Privacy