General
-
Target
runnb.tar.gz
-
Size
207B
-
Sample
241016-3sj7eszend
-
MD5
0d39f8f9166a133d46a92e1f3c31e208
-
SHA1
b2b3982ef6519e200de7c98a848832d8598c22cd
-
SHA256
62d6004452cfd60bd2b6c5395081c77cc84e7fa63eefb203daa1652cda475b8c
-
SHA512
e691a0bcb30038f6ce160622df9482a677a20f0508ce903ea449608b59dc69e7496c34aab6d4db31bee955d596f7b984eff27b5a6eba95eb3294e9dc9f099451
Static task
static1
Behavioral task
behavioral1
Sample
runnb.sh
Resource
ubuntu2004-amd64-20240611-en
Behavioral task
behavioral2
Sample
runnb.sh
Resource
ubuntu2204-amd64-20240522.1-en
Behavioral task
behavioral3
Sample
runnb.sh
Resource
ubuntu2404-amd64-20240523-en
Malware Config
Targets
-
-
Target
runnb.sh
-
Size
160B
-
MD5
87ea8773efcca67a4f2ce3e1ba1d1ff8
-
SHA1
0770e97785f007f7a3bc9d7e35a72b16895c366d
-
SHA256
765a3183613b556d32d8775fc21410c61d1565a372c27ed54193d4808b5cdb01
-
SHA512
df69c7a84df081850f4a1f72d78f65ddf61074fd4af7f989458cdc4273b5a64eeccb6864391ca780875e7b754834bbcbb17d550c4c9514101a8d3f45470ac514
-
XMRig Miner payload
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Checks hardware identifiers (DMI)
Checks DMI information which indicate if the system is a virtual machine.
-
Legitimate hosting services abused for malware hosting/C2
-
Reads hardware information
Accesses system info like serial numbers, manufacturer names etc.
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Virtualization/Sandbox Evasion
2System Checks
2