General

  • Target

    xmrlinuxamd64

  • Size

    8.8MB

  • Sample

    241001-j4shdsyhrm

  • MD5

    696180ee1b5a45a4897ebe78219cdbbf

  • SHA1

    aba713a4b818a908ecef92600385e101323a43d8

  • SHA256

    39e260ecea6351d0951be6d16f6eb3d243f22837d1f9bb47356d3a3320e30c69

  • SHA512

    870989e87d2cdd99d6252558c5a93124755cfc49c58cf8cf2a34eb5583d7870415949286de7b28ec6d9d7ea34a5ab437d5d0e8aaf9e664d968ea1cabd24cd261

  • SSDEEP

    49152:8zs7cjkjzBbeojVRCa11UmE8NgClMtyOt/4v0kBCYHujKkxfCyY3H95EbBuE3Z9e:asZXBi+Ucim9XMgOpc0k7AUEFj/+zd

Malware Config

Targets

    • Target

      xmrlinuxamd64

    • Size

      8.8MB

    • MD5

      696180ee1b5a45a4897ebe78219cdbbf

    • SHA1

      aba713a4b818a908ecef92600385e101323a43d8

    • SHA256

      39e260ecea6351d0951be6d16f6eb3d243f22837d1f9bb47356d3a3320e30c69

    • SHA512

      870989e87d2cdd99d6252558c5a93124755cfc49c58cf8cf2a34eb5583d7870415949286de7b28ec6d9d7ea34a5ab437d5d0e8aaf9e664d968ea1cabd24cd261

    • SSDEEP

      49152:8zs7cjkjzBbeojVRCa11UmE8NgClMtyOt/4v0kBCYHujKkxfCyY3H95EbBuE3Z9e:asZXBi+Ucim9XMgOpc0k7AUEFj/+zd

    • XMRig Miner payload

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • Executes dropped EXE

    • Modifies hosts file

      Adds to hosts file used for mapping hosts to IP addresses.

    • OS Credential Dumping

      Adversaries may attempt to dump credentials to use it in password cracking.

    • Abuse Elevation Control Mechanism: Sudo and Sudo Caching

      Abuse sudo or cached sudo credentials to execute code.

    • Checks hardware identifiers (DMI)

      Checks DMI information which indicate if the system is a virtual machine.

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Reads hardware information

      Accesses system info like serial numbers, manufacturer names etc.

    • Reads list of loaded kernel modules

      Reads the list of currently loaded kernel modules, possibly to detect virtual environments.

MITRE ATT&CK Enterprise v15

Tasks