xmrig | e0167b29311f359344fe2879d8de3e8f5eb4c4d5a54bf0d46406d1d7af0cd2ff | Triage

Resubmissions

21-10-2024 12:12

241021-pdcl5stbje 10

21-10-2024 11:59

241021-n55xbsshjb 10

19-10-2024 11:43

241019-nvrlyswdrn 10

19-10-2024 03:15

241019-drzs2swcrr 10

19-10-2024 03:03

241019-dj7tpavhrp 10

18-10-2024 09:09

241018-k4fdhaycqc 10

Sharing

General

Target

name.zip
Size

3.9MB
Sample

241019-drzs2swcrr
MD5

b001d8369997dbf8f9303de8faed1adb
SHA1

b3f8425585c95c6c737add0d63ba148691345c20
SHA256

e0167b29311f359344fe2879d8de3e8f5eb4c4d5a54bf0d46406d1d7af0cd2ff
SHA512

39a51b404afa8b5a3cd8e653310492633eb9bb34e27b08a93da448fcbd5c6c7df1c7ef3b4a5f7824d5bd2747850267acd2a0c05f1d60e75495e4e6ceb52956a6
SSDEEP

98304:sQE0RKwiLgnCy7n+wF3BOvExR+CEM29vVuiC7sM9Nh6on61KC2nA4:LEkdn/n+WR9x0uovV1C7sM9zL61KCSA4

Score

10^/10

xmrig xmrig_linux credential_access defense_evasion discovery evasion execution linux miner privilege_escalation rootkit

Malware Config

Targets

- Target
  
  kermine
- Size
  
  1.3MB
- MD5
  
  13d1ec32d39153bddcb677fc491d90f8
- SHA1
  
  28f07354c83098f3f2f988249251096bcdf68549
- SHA256
  
  7f2b4e30c6ae7c56c0bc861f920bca6b52183b3e8bc30347739c6591bdfaa589
- SHA512
  
  1dbcab16cb408f8c895609af43f973c09b4c0dda5da1f36e2524823b53874cdce585bf4d4d489f9323043f69d688cf3375ad14036e99f0b09c6bdfddf66289b4
- SSDEEP
  
  24576:87U+XfGMTwJ7RBNytH9wiPGKgIxECVVXZSELt:8g+XfjU7RBNC9wiPGKgIxE8VwE
Score

10^/10

xmrig_linux credential_access defense_evasion discovery evasion execution miner privilege_escalation rootkit
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig_linux
- Deletes journal logs
  Deletes systemd journal logs. Likely to evade detection.
  evasion
- Loads a kernel module
  Loads a Linux kernel module, potentially to achieve persistence
  rootkit
- OS Credential Dumping
  Adversaries may attempt to dump credentials to use it in password cracking.
  credential_access
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
  Abuse sudo or cached sudo credentials to execute code.
  privilege_escalation defense_evasion
- Deletes log files
  Deletes log files on the system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
- Reads list of loaded kernel modules
  Reads the list of currently loaded kernel modules, possibly to detect virtual environments.
  evasion
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Unix Shell

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Sudo and Sudo Caching

Defense Evasion

Abuse Elevation Control Mechanism

Sudo and Sudo Caching

Indicator Removal

Clear Linux or Mac System Logs

Virtualization/Sandbox Evasion

Credential Access

OS Credential Dumping

/etc/passwd and /etc/shadow

Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xmrig_linuxcredential_accessdefense_evasiondiscoveryevasionexecutionminerprivilege_escalationrootkit