xmrig | 62d6004452cfd60bd2b6c5395081c77cc84e7fa63eefb203daa1652cda475b8c | Triage

Submit
Reports

Overview

overview

Static

static

1

runnb.sh

ubuntu-20.04-amd64

runnb.sh

ubuntu-22.04-amd64

runnb.sh

ubuntu-24.04-amd64

Sharing

General

Target

runnb.tar.gz
Size

207B
Sample

241016-3sj7eszend
MD5

0d39f8f9166a133d46a92e1f3c31e208
SHA1

b2b3982ef6519e200de7c98a848832d8598c22cd
SHA256

62d6004452cfd60bd2b6c5395081c77cc84e7fa63eefb203daa1652cda475b8c
SHA512

e691a0bcb30038f6ce160622df9482a677a20f0508ce903ea449608b59dc69e7496c34aab6d4db31bee955d596f7b984eff27b5a6eba95eb3294e9dc9f099451

Score

10^/10

xmrig xmrig_linux antivm defense_evasion discovery linux miner

Static task

static1

Behavioral task

behavioral1

Sample

runnb.sh

Resource

ubuntu2004-amd64-20240611-en

xmrig antivm defense_evasion discovery miner

ubuntu-20.04-amd64

12 signatures

1800 seconds

Behavioral task

behavioral2

Sample

runnb.sh

Resource

ubuntu2204-amd64-20240522.1-en

xmrig_linux antivm defense_evasion discovery miner

ubuntu-22.04-amd64

12 signatures

1800 seconds

Behavioral task

behavioral3

Sample

runnb.sh

Resource

ubuntu2404-amd64-20240523-en

xmrig antivm defense_evasion discovery miner

ubuntu-24.04-amd64

12 signatures

1800 seconds

Malware Config

Targets

- Target
  
  runnb.sh
- Size
  
  160B
- MD5
  
  87ea8773efcca67a4f2ce3e1ba1d1ff8
- SHA1
  
  0770e97785f007f7a3bc9d7e35a72b16895c366d
- SHA256
  
  765a3183613b556d32d8775fc21410c61d1565a372c27ed54193d4808b5cdb01
- SHA512
  
  df69c7a84df081850f4a1f72d78f65ddf61074fd4af7f989458cdc4273b5a64eeccb6864391ca780875e7b754834bbcbb17d550c4c9514101a8d3f45470ac514
Score

10^/10

xmrig antivm defense_evasion discovery miner xmrig_linux
- XMRig Miner payload
  miner
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig_linux
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Executes dropped EXE
- Checks hardware identifiers (DMI)
  Checks DMI information which indicate if the system is a virtual machine.
  antivm
- Legitimate hosting services abused for malware hosting/C2
- Reads hardware information
  Accesses system info like serial numbers, manufacturer names etc.
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

System Information Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

xmrigantivmdefense_evasiondiscoveryminer

behavioral2

xmrig_linuxantivmdefense_evasiondiscoveryminer

behavioral3

xmrigantivmdefense_evasiondiscoveryminer

© 2018-2024

Terms | Privacy