Analysis
-
max time kernel
1799s -
max time network
1784s -
platform
ubuntu-22.04_amd64 -
resource
ubuntu2204-amd64-20240611-en -
resource tags
arch:amd64arch:i386image:ubuntu2204-amd64-20240611-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system -
submitted
30/09/2024, 02:09
Behavioral task
behavioral1
Sample
xmrig-6.22.0/xmrig
Resource
ubuntu1804-amd64-20240508-en
ubuntu-18.04-amd64
7 signatures
1800 seconds
Behavioral task
behavioral2
Sample
xmrig-6.22.0/xmrig
Resource
ubuntu2004-amd64-20240729-en
ubuntu-20.04-amd64
7 signatures
1800 seconds
Behavioral task
behavioral3
Sample
xmrig-6.22.0/xmrig
Resource
ubuntu2204-amd64-20240611-en
ubuntu-22.04-amd64
7 signatures
1800 seconds
General
-
Target
xmrig-6.22.0/xmrig
-
Size
7.9MB
-
MD5
51f989c19819a0a0625c251df6affe95
-
SHA1
3b27c895b6f9665f9287510207bfcdcb7fe6e059
-
SHA256
fd11982f252c060a1372e81d5be57589647052b56281a5c54975ca22164f7726
-
SHA512
ec8ce7d1960f9ae564d5654a35e2ad108ed900f3f56b38dfe4601be0db49c1a3cd9c643307b72c2bfc0c157d2640a62343cd7377f68d29327104e0e78b4bdfbd
-
SSDEEP
98304:XKMjbl9nPlFyVrEpdzukkzX0cEcCcons+qh3grgPEm7eXYPi1Q8l+Zjk/VA264cV:v/Fyepw7eIg+xuZNhXUVZ+5u3E3
Malware Config
Signatures
-
Checks hardware identifiers (DMI) 1 TTPs 4 IoCs
Checks DMI information which indicate if the system is a virtual machine.
description ioc Process File opened for reading /sys/devices/virtual/dmi/id/sys_vendor xmrig File opened for reading /sys/devices/virtual/dmi/id/product_name xmrig File opened for reading /sys/devices/virtual/dmi/id/board_vendor xmrig File opened for reading /sys/devices/virtual/dmi/id/bios_vendor xmrig -
Reads hardware information 1 TTPs 14 IoCs
Accesses system info like serial numbers, manufacturer names etc.
description ioc Process File opened for reading /sys/devices/virtual/dmi/id/product_uuid xmrig File opened for reading /sys/devices/virtual/dmi/id/chassis_type xmrig File opened for reading /sys/devices/virtual/dmi/id/chassis_version xmrig File opened for reading /sys/devices/virtual/dmi/id/chassis_serial xmrig File opened for reading /sys/devices/virtual/dmi/id/bios_version xmrig File opened for reading /sys/devices/virtual/dmi/id/product_serial xmrig File opened for reading /sys/devices/virtual/dmi/id/board_name xmrig File opened for reading /sys/devices/virtual/dmi/id/board_version xmrig File opened for reading /sys/devices/virtual/dmi/id/chassis_vendor xmrig File opened for reading /sys/devices/virtual/dmi/id/chassis_asset_tag xmrig File opened for reading /sys/devices/virtual/dmi/id/product_version xmrig File opened for reading /sys/devices/virtual/dmi/id/board_serial xmrig File opened for reading /sys/devices/virtual/dmi/id/board_asset_tag xmrig File opened for reading /sys/devices/virtual/dmi/id/bios_date xmrig -
Checks CPU configuration 1 TTPs 1 IoCs
Checks CPU information which indicate if the system is a virtual machine.
description ioc Process File opened for reading /proc/cpuinfo xmrig -
Reads CPU attributes 1 TTPs 45 IoCs
description ioc Process File opened for reading /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq xmrig File opened for reading /sys/devices/system/cpu/cpu0/cpufreq/base_frequency xmrig File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/id xmrig File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/coherency_line_size xmrig File opened for reading /sys/devices/system/cpu/cpu0/cache/index4/shared_cpu_map xmrig File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/type xmrig File opened for reading /sys/devices/system/cpu/cpu0/topology/core_cpus xmrig File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/type xmrig File opened for reading /sys/devices/system/cpu/cpu0/cache/index1/id xmrig File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/level xmrig File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/coherency_line_size xmrig File opened for reading /sys/devices/system/cpu/cpu0/cache/index1/shared_cpu_map xmrig File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/level xmrig File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/shared_cpu_map xmrig File opened for reading /sys/devices/system/cpu/online xmrig File opened for reading /sys/devices/system/cpu/cpu0/topology/core_id xmrig File opened for reading /sys/devices/system/cpu/cpu0/topology/package_cpus xmrig File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/id xmrig File opened for reading /sys/devices/system/cpu/cpu0/cache/index1/type xmrig File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/number_of_sets xmrig File opened for reading /sys/devices/system/cpu/cpu0/cache/index7/shared_cpu_map xmrig File opened for reading /sys/devices/system/cpu/cpu0/topology/physical_package_id xmrig File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/number_of_sets xmrig File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/physical_line_partition xmrig File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/number_of_sets xmrig File opened for reading /sys/devices/system/cpu/cpu0/cache/index8/shared_cpu_map xmrig File opened for reading /sys/devices/system/cpu/possible xmrig File opened for reading /sys/devices/system/cpu/cpu0/topology/die_cpus xmrig File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/shared_cpu_map xmrig File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/size xmrig File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/physical_line_partition xmrig File opened for reading /sys/devices/system/cpu/cpu0/cpu_capacity xmrig File opened for reading /sys/devices/system/cpu/cpu0/cache/index1/level xmrig File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/physical_line_partition xmrig File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/size xmrig File opened for reading /sys/devices/system/cpu/cpu0/topology/cluster_cpus xmrig File opened for reading /sys/devices/system/cpu/cpu0/cache/index5/shared_cpu_map xmrig File opened for reading /sys/devices/system/cpu/cpu0/cache/index6/shared_cpu_map xmrig File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/type xmrig File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/level xmrig File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/coherency_line_size xmrig File opened for reading /sys/devices/system/cpu/cpu0/cache/index9/shared_cpu_map xmrig File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/shared_cpu_map xmrig File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/id xmrig File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/size xmrig -
Enumerates kernel/hardware configuration 1 TTPs 27 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
description ioc Process File opened for reading /sys/fs/cgroup/cpuset.mems.effective xmrig File opened for reading /sys/devices/cpu_atom/cpus xmrig File opened for reading /sys/devices/system/node/node0/access0/initiators/read_bandwidth xmrig File opened for reading /sys/devices/system/node/node0/access0/initiators/write_latency xmrig File opened for reading /sys/devices/system/node/node0/cpumap xmrig File opened for reading /sys/devices/system/node/node0/access1/initiators xmrig File opened for reading /sys/devices/system/cpu xmrig File opened for reading /sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages xmrig File opened for reading /sys/devices/system/node/node0/hugepages xmrig File opened for reading /sys/bus/dax/devices xmrig File opened for reading /sys/devices/system/node/node0/access0/initiators/write_bandwidth xmrig File opened for reading /sys/devices/system/node/node0/access0/initiators/read_latency xmrig File opened for reading /sys/devices/system/node/node0/meminfo xmrig File opened for reading /sys/devices/system/node/node0/hugepages/hugepages-1048576kB/nr_hugepages xmrig File opened for reading /sys/fs/cgroup/cgroup.controllers xmrig File opened for reading /sys/fs/cgroup/cpuset.cpus.effective xmrig File opened for reading /sys/devices/cpu_core/cpus xmrig File opened for reading /sys/devices/system/node/online xmrig File opened for reading /sys/devices/system/node/node0/hugepages/hugepages-2048kB/free_hugepages xmrig File opened for reading /sys/firmware/dmi/tables/smbios_entry_point xmrig File opened for reading /sys/kernel/mm/hugepages xmrig File opened for reading /sys/devices/system/node/node0/hugepages/hugepages-2048kB/nr_hugepages xmrig File opened for reading /sys/devices/system/node/node0/access0/initiators xmrig File opened for reading /sys/firmware/dmi/tables/DMI xmrig File opened for reading /sys/bus/soc/devices xmrig File opened for reading /sys/kernel/mm/hugepages/hugepages-1048576kB/nr_hugepages xmrig File opened for reading /sys/devices/virtual/dmi/id xmrig -
description ioc Process File opened for reading /proc/version_signature xmrig File opened for reading /proc/sys/vm/nr_hugepages xmrig File opened for reading /proc/cmdline xmrig File opened for reading /proc/mounts xmrig File opened for reading /proc/self/cpuset xmrig File opened for reading /proc/meminfo xmrig File opened for reading /proc/driver/nvidia/gpus xmrig -
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
description ioc Process File opened for modification /tmp/xmrig-6.22.0/config.json xmrig