General
-
Target
runok1.tar.gz
-
Size
197B
-
Sample
241017-etgwpavfmr
-
MD5
5e3c32a236c0911e63c1b4b0a655036c
-
SHA1
322466b761fb5f05a3f226329f94e323857c523f
-
SHA256
e7c5562d00c621c6fd4579c3214524aefa482206ed1d5215f5887b316922564e
-
SHA512
d065642d331d093b1df9f91e666489eb30f05421822dc380a4be2018b9d5fa9d09d8c24ac964abaa2e9bcfd52f826e4b22d6c9c141a2d426698b8e6178f8cc86
Static task
static1
Behavioral task
behavioral1
Sample
runok1.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
runok1.sh
Resource
ubuntu2004-amd64-20240508-en
Behavioral task
behavioral3
Sample
runok1.sh
Resource
ubuntu2204-amd64-20240729-en
Behavioral task
behavioral4
Sample
runok1.sh
Resource
ubuntu2404-amd64-20240523-en
Malware Config
Targets
-
-
Target
runok1.sh
-
Size
138B
-
MD5
ed44ae7cc01f7bcc21c98a523afabd7c
-
SHA1
4e7f50162eeb61715a948d3359639c6910088860
-
SHA256
1663e111eceb895f9be9e87c6cfda675e506cd8ec88d144fd1a2b5dc7081d0de
-
SHA512
e1c895b50b2b259d40501497ae4f9b2bb77b2d8713cd584d9c83cab82898f5e134ba6c8320810bf649867156494ea5b656143b71e269c9490da210d48a52982c
-
XMRig Miner payload
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Checks hardware identifiers (DMI)
Checks DMI information which indicate if the system is a virtual machine.
-
Legitimate hosting services abused for malware hosting/C2
-
Reads hardware information
Accesses system info like serial numbers, manufacturer names etc.
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Virtualization/Sandbox Evasion
2System Checks
2