xmrig_linux | 7f2b4e30c6ae7c56c0bc861f920bca6b52183b3e8bc30347739c6591bdfaa589 | Triage

Resubmissions

18-10-2024 08:32

241018-ke9aaazcrr 10

Sharing

General

Target

kermine
Size

1.3MB
Sample

241018-ke9aaazcrr
MD5

13d1ec32d39153bddcb677fc491d90f8
SHA1

28f07354c83098f3f2f988249251096bcdf68549
SHA256

7f2b4e30c6ae7c56c0bc861f920bca6b52183b3e8bc30347739c6591bdfaa589
SHA512

1dbcab16cb408f8c895609af43f973c09b4c0dda5da1f36e2524823b53874cdce585bf4d4d489f9323043f69d688cf3375ad14036e99f0b09c6bdfddf66289b4
SSDEEP

24576:87U+XfGMTwJ7RBNytH9wiPGKgIxECVVXZSELt:8g+XfjU7RBNC9wiPGKgIxE8VwE

Score

10^/10

xmrig_linux credential_access defense_evasion discovery evasion execution linux miner privilege_escalation rootkit

Malware Config

Targets

- Target
  
  kermine
- Size
  
  1.3MB
- MD5
  
  13d1ec32d39153bddcb677fc491d90f8
- SHA1
  
  28f07354c83098f3f2f988249251096bcdf68549
- SHA256
  
  7f2b4e30c6ae7c56c0bc861f920bca6b52183b3e8bc30347739c6591bdfaa589
- SHA512
  
  1dbcab16cb408f8c895609af43f973c09b4c0dda5da1f36e2524823b53874cdce585bf4d4d489f9323043f69d688cf3375ad14036e99f0b09c6bdfddf66289b4
- SSDEEP
  
  24576:87U+XfGMTwJ7RBNytH9wiPGKgIxECVVXZSELt:8g+XfjU7RBNC9wiPGKgIxE8VwE
Score

10^/10

xmrig_linux credential_access defense_evasion discovery evasion execution miner privilege_escalation rootkit
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig_linux
- Deletes journal logs
  Deletes systemd journal logs. Likely to evade detection.
  evasion
- Loads a kernel module
  Loads a Linux kernel module, potentially to achieve persistence
  rootkit
- OS Credential Dumping
  Adversaries may attempt to dump credentials to use it in password cracking.
  credential_access
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
  Abuse sudo or cached sudo credentials to execute code.
  privilege_escalation defense_evasion
- Deletes log files
  Deletes log files on the system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
- Reads list of loaded kernel modules
  Reads the list of currently loaded kernel modules, possibly to detect virtual environments.
  evasion
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Unix Shell

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Sudo and Sudo Caching

Defense Evasion

Abuse Elevation Control Mechanism

Sudo and Sudo Caching

Indicator Removal

Clear Linux or Mac System Logs

Virtualization/Sandbox Evasion

Credential Access

OS Credential Dumping

/etc/passwd and /etc/shadow

Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xmrig_linuxcredential_accessdefense_evasiondiscoveryevasionexecutionminerprivilege_escalationrootkit