General

  • Target

    runnb.tar.gz

  • Size

    207B

  • Sample

    241016-3rv8astcjp

  • MD5

    0d39f8f9166a133d46a92e1f3c31e208

  • SHA1

    b2b3982ef6519e200de7c98a848832d8598c22cd

  • SHA256

    62d6004452cfd60bd2b6c5395081c77cc84e7fa63eefb203daa1652cda475b8c

  • SHA512

    e691a0bcb30038f6ce160622df9482a677a20f0508ce903ea449608b59dc69e7496c34aab6d4db31bee955d596f7b984eff27b5a6eba95eb3294e9dc9f099451

Malware Config

Targets

    • Target

      runnb.sh

    • Size

      160B

    • MD5

      87ea8773efcca67a4f2ce3e1ba1d1ff8

    • SHA1

      0770e97785f007f7a3bc9d7e35a72b16895c366d

    • SHA256

      765a3183613b556d32d8775fc21410c61d1565a372c27ed54193d4808b5cdb01

    • SHA512

      df69c7a84df081850f4a1f72d78f65ddf61074fd4af7f989458cdc4273b5a64eeccb6864391ca780875e7b754834bbcbb17d550c4c9514101a8d3f45470ac514

    • XMRig Miner payload

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Executes dropped EXE

    • Checks hardware identifiers (DMI)

      Checks DMI information which indicate if the system is a virtual machine.

    • Legitimate hosting services abused for malware hosting/C2

    • Reads hardware information

      Accesses system info like serial numbers, manufacturer names etc.

MITRE ATT&CK Enterprise v15

Tasks