Extracted

• • Target

    2636f4d5fa29c3747036d385c3eee167aba1aad58c29597d21df7e42c6149a35.elf

  • Size

    1KB

  • MD5

    a3a1adfcbc6207f3e6e0c35d3cf03904

  • SHA1

    f10f7793d4d78120395d11d7020ab626995e2c01

  • SHA256

    2636f4d5fa29c3747036d385c3eee167aba1aad58c29597d21df7e42c6149a35

  • SHA512

    d66495bda3366633baed9e80dafb494bbe39cccb331a1b031c239650866489d6e45db7a9e5f3fe4e951e3f321d9eb9a0c7abf00ede54f6548c4235b9ef3debf9

  Score

  10^/10

  metasploitxmrigantivmbackdoordefense_evasiondiscoveryexecutionminerpersistenceprivilege_escalatiotrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • XMRig Miner payload

    miner

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig

  • File and Directory Permissions Modification

    Adversaries may modify file or directory permissions to evade defenses.

    defense_evasion

  • Executes dropped EXE

  • Checks hardware identifiers (DMI)

    Checks DMI information which indicate if the system is a virtual machine.

    antivm

  • Creates/modifies Cron job

    Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    executionpersistenceprivilege_escalatio

  • Reads hardware information

    Accesses system info like serial numbers, manufacturer names etc.

    discovery

  • Uses Polkit to run commands

    Uses Polkit pkexec as a proxy to execute commands, possibly to bypass security restrictions.

  behavioral1