xmrig | e7c5562d00c621c6fd4579c3214524aefa482206ed1d5215f5887b316922564e | Triage

Submit
Reports

Overview

overview

Static

static

1

runok1.sh

ubuntu-18.04-amd64

7

runok1.sh

ubuntu-20.04-amd64

runok1.sh

ubuntu-22.04-amd64

runok1.sh

ubuntu-24.04-amd64

Sharing

General

Target

runok1.tar.gz
Size

197B
Sample

241017-etgwpavfmr
MD5

5e3c32a236c0911e63c1b4b0a655036c
SHA1

322466b761fb5f05a3f226329f94e323857c523f
SHA256

e7c5562d00c621c6fd4579c3214524aefa482206ed1d5215f5887b316922564e
SHA512

d065642d331d093b1df9f91e666489eb30f05421822dc380a4be2018b9d5fa9d09d8c24ac964abaa2e9bcfd52f826e4b22d6c9c141a2d426698b8e6178f8cc86

Score

10^/10

xmrig xmrig_linux antivm defense_evasion discovery linux miner

Static task

static1

Behavioral task

behavioral1

Sample

runok1.sh

Resource

ubuntu1804-amd64-20240611-en

defense_evasion discovery

ubuntu-18.04-amd64

2 signatures

1800 seconds

Behavioral task

behavioral2

Sample

runok1.sh

Resource

ubuntu2004-amd64-20240508-en

xmrig_linux antivm defense_evasion discovery miner

ubuntu-20.04-amd64

12 signatures

1800 seconds

Behavioral task

behavioral3

Sample

runok1.sh

Resource

ubuntu2204-amd64-20240729-en

xmrig antivm defense_evasion discovery miner

ubuntu-22.04-amd64

12 signatures

1800 seconds

Behavioral task

behavioral4

Sample

runok1.sh

Resource

ubuntu2404-amd64-20240523-en

xmrig_linux antivm discovery miner

ubuntu-24.04-amd64

10 signatures

1800 seconds

Malware Config

Targets

- Target
  
  runok1.sh
- Size
  
  138B
- MD5
  
  ed44ae7cc01f7bcc21c98a523afabd7c
- SHA1
  
  4e7f50162eeb61715a948d3359639c6910088860
- SHA256
  
  1663e111eceb895f9be9e87c6cfda675e506cd8ec88d144fd1a2b5dc7081d0de
- SHA512
  
  e1c895b50b2b259d40501497ae4f9b2bb77b2d8713cd584d9c83cab82898f5e134ba6c8320810bf649867156494ea5b656143b71e269c9490da210d48a52982c
Score

10^/10

defense_evasion discovery xmrig_linux antivm miner xmrig
- XMRig Miner payload
  miner
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig_linux
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Executes dropped EXE
- Checks hardware identifiers (DMI)
  Checks DMI information which indicate if the system is a virtual machine.
  antivm
- Legitimate hosting services abused for malware hosting/C2
- Reads hardware information
  Accesses system info like serial numbers, manufacturer names etc.
  discovery
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

System Information Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery

behavioral2

xmrig_linuxantivmdefense_evasiondiscoveryminer

behavioral3

xmrigantivmdefense_evasiondiscoveryminer

behavioral4

xmrig_linuxantivmdiscoveryminer

© 2018-2024

Terms | Privacy