General

  • Target

    runok1.tar.gz

  • Size

    197B

  • Sample

    241017-etgwpavfmr

  • MD5

    5e3c32a236c0911e63c1b4b0a655036c

  • SHA1

    322466b761fb5f05a3f226329f94e323857c523f

  • SHA256

    e7c5562d00c621c6fd4579c3214524aefa482206ed1d5215f5887b316922564e

  • SHA512

    d065642d331d093b1df9f91e666489eb30f05421822dc380a4be2018b9d5fa9d09d8c24ac964abaa2e9bcfd52f826e4b22d6c9c141a2d426698b8e6178f8cc86

Malware Config

Targets

    • Target

      runok1.sh

    • Size

      138B

    • MD5

      ed44ae7cc01f7bcc21c98a523afabd7c

    • SHA1

      4e7f50162eeb61715a948d3359639c6910088860

    • SHA256

      1663e111eceb895f9be9e87c6cfda675e506cd8ec88d144fd1a2b5dc7081d0de

    • SHA512

      e1c895b50b2b259d40501497ae4f9b2bb77b2d8713cd584d9c83cab82898f5e134ba6c8320810bf649867156494ea5b656143b71e269c9490da210d48a52982c

    • XMRig Miner payload

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Executes dropped EXE

    • Checks hardware identifiers (DMI)

      Checks DMI information that indicates whether the system is a virtual machine.

    • Legitimate hosting services abused for malware hosting/C2

    • Reads hardware information

      Accesses system information such as serial numbers, manufacturer names, etc.

MITRE ATT&CK Enterprise v15

Tasks