General
-
Target
5f3e06f187c4088882133251e9ee6a03e8f11c73354af3bd6fd7c010b46e78f0.elf
-
Size
8.7MB
-
Sample
241015-xw6a6swdpl
-
MD5
aff9d4675fdb21bb30e23ab1466b5841
-
SHA1
bed1388ccca38218fa67ac7670b0e13bf759702e
-
SHA256
5f3e06f187c4088882133251e9ee6a03e8f11c73354af3bd6fd7c010b46e78f0
-
SHA512
2ed958de56fa264446d7d85d36c05e693926a6bfeed6d58aeea7aa1d6f595c94b71472c75834c3edc71ffefc4c3fc59a5362e377ee93c651637d77dc20c9ecf0
-
SSDEEP
98304:6OiwcvRyACNEbruhSGwXUEvNPHbZNcRsR:diNCKbreqv9bZNcRsR
Malware Config
Targets
-
-
Target
5f3e06f187c4088882133251e9ee6a03e8f11c73354af3bd6fd7c010b46e78f0.elf
-
Size
8.7MB
-
MD5
aff9d4675fdb21bb30e23ab1466b5841
-
SHA1
bed1388ccca38218fa67ac7670b0e13bf759702e
-
SHA256
5f3e06f187c4088882133251e9ee6a03e8f11c73354af3bd6fd7c010b46e78f0
-
SHA512
2ed958de56fa264446d7d85d36c05e693926a6bfeed6d58aeea7aa1d6f595c94b71472c75834c3edc71ffefc4c3fc59a5362e377ee93c651637d77dc20c9ecf0
-
SSDEEP
98304:6OiwcvRyACNEbruhSGwXUEvNPHbZNcRsR:diNCKbreqv9bZNcRsR
Score10/10-
XMRig Miner payload
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
Executes dropped EXE
-
Abuse Elevation Control Mechanism: Sudo and Sudo Caching
Abuse sudo or cached sudo credentials to execute code.
-
Checks hardware identifiers (DMI)
Checks DMI information which indicate if the system is a virtual machine.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Reads hardware information
Accesses system info like serial numbers, manufacturer names etc.
-
Reads list of loaded kernel modules
Reads the list of currently loaded kernel modules, possibly to detect virtual environments.
-