General
-
Target
xmr_linux_amd64
-
Size
8.8MB
-
Sample
240930-1knhrswfpl
-
MD5
696180ee1b5a45a4897ebe78219cdbbf
-
SHA1
aba713a4b818a908ecef92600385e101323a43d8
-
SHA256
39e260ecea6351d0951be6d16f6eb3d243f22837d1f9bb47356d3a3320e30c69
-
SHA512
870989e87d2cdd99d6252558c5a93124755cfc49c58cf8cf2a34eb5583d7870415949286de7b28ec6d9d7ea34a5ab437d5d0e8aaf9e664d968ea1cabd24cd261
-
SSDEEP
49152:8zs7cjkjzBbeojVRCa11UmE8NgClMtyOt/4v0kBCYHujKkxfCyY3H95EbBuE3Z9e:asZXBi+Ucim9XMgOpc0k7AUEFj/+zd
Static task
static1
Behavioral task
behavioral1
Sample
xmr_linux_amd64
Resource
ubuntu2004-amd64-20240508-en
Malware Config
Targets
-
-
Target
xmr_linux_amd64
-
Size
8.8MB
-
MD5
696180ee1b5a45a4897ebe78219cdbbf
-
SHA1
aba713a4b818a908ecef92600385e101323a43d8
-
SHA256
39e260ecea6351d0951be6d16f6eb3d243f22837d1f9bb47356d3a3320e30c69
-
SHA512
870989e87d2cdd99d6252558c5a93124755cfc49c58cf8cf2a34eb5583d7870415949286de7b28ec6d9d7ea34a5ab437d5d0e8aaf9e664d968ea1cabd24cd261
-
SSDEEP
49152:8zs7cjkjzBbeojVRCa11UmE8NgClMtyOt/4v0kBCYHujKkxfCyY3H95EbBuE3Z9e:asZXBi+Ucim9XMgOpc0k7AUEFj/+zd
-
XMRig Miner payload
-
Executes dropped EXE
-
Modifies hosts file
Adds to hosts file used for mapping hosts to IP addresses.
-
OS Credential Dumping
Adversaries may attempt to dump credentials to use it in password cracking.
-
Abuse Elevation Control Mechanism: Sudo and Sudo Caching
Abuse sudo or cached sudo credentials to execute code.
-
Checks hardware identifiers (DMI)
Checks DMI information which indicate if the system is a virtual machine.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Reads hardware information
Accesses system info like serial numbers, manufacturer names etc.
-
Reads list of loaded kernel modules
Reads the list of currently loaded kernel modules, possibly to detect virtual environments.
-