Analysis
-
max time kernel
0s -
max time network
129s -
platform
ubuntu-22.04_amd64 -
resource
ubuntu2204-amd64-20240611-en -
resource tags
arch:amd64arch:i386image:ubuntu2204-amd64-20240611-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system -
submitted
19-10-2024 16:45
Behavioral task
behavioral1
Sample
__min__.elf
Resource
ubuntu2204-amd64-20240611-en
ubuntu-22.04-amd64
7 signatures
150 seconds
General
-
Target
__min__.elf
-
Size
8.2MB
-
MD5
8f96e8b4e9d26884c776c1b42a70bae5
-
SHA1
53a4166052211abf77e1edf0d71c7a6faae12cc5
-
SHA256
5e5fd0bc5f1bd663d7ccc2695c2b56bd382df3c7fdac605eb0ce3c0d5df24dc4
-
SHA512
4709a5ee74cf3e91472b64891eaf9cd7cd8bde6059be6fd892863274c505fd3cf5f5631d66d01ab645406adb76b6123d287d97e90a6c08bf8f8a935a6624dcec
-
SSDEEP
98304:9gbeLl/trEBg0QVwNY9vQYdeDvDvD0drXpC3RUDXRkJ1vqXZ35Do0Gl5qbOCWPEw:xlakkEd/bcASfD/z0HP5s
Score
10/10
Malware Config
Signatures
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
Checks hardware identifiers (DMI) 1 TTPs 4 IoCs
Checks DMI information which indicate if the system is a virtual machine.
Processes:
__min__.elfdescription ioc Process File opened for reading /sys/devices/virtual/dmi/id/product_name __min__.elf File opened for reading /sys/devices/virtual/dmi/id/board_vendor __min__.elf File opened for reading /sys/devices/virtual/dmi/id/bios_vendor __min__.elf File opened for reading /sys/devices/virtual/dmi/id/sys_vendor __min__.elf -
Reads hardware information 1 TTPs 14 IoCs
Accesses system info like serial numbers, manufacturer names etc.
Processes:
__min__.elfdescription ioc Process File opened for reading /sys/devices/virtual/dmi/id/board_version __min__.elf File opened for reading /sys/devices/virtual/dmi/id/board_asset_tag __min__.elf File opened for reading /sys/devices/virtual/dmi/id/chassis_vendor __min__.elf File opened for reading /sys/devices/virtual/dmi/id/chassis_serial __min__.elf File opened for reading /sys/devices/virtual/dmi/id/chassis_asset_tag __min__.elf File opened for reading /sys/devices/virtual/dmi/id/product_uuid __min__.elf File opened for reading /sys/devices/virtual/dmi/id/board_name __min__.elf File opened for reading /sys/devices/virtual/dmi/id/chassis_version __min__.elf File opened for reading /sys/devices/virtual/dmi/id/product_serial __min__.elf File opened for reading /sys/devices/virtual/dmi/id/chassis_type __min__.elf File opened for reading /sys/devices/virtual/dmi/id/board_serial __min__.elf File opened for reading /sys/devices/virtual/dmi/id/bios_date __min__.elf File opened for reading /sys/devices/virtual/dmi/id/product_version __min__.elf File opened for reading /sys/devices/virtual/dmi/id/bios_version __min__.elf -
Checks CPU configuration 1 TTPs 1 IoCs
Checks CPU information which indicate if the system is a virtual machine.
Processes:
__min__.elfdescription ioc Process File opened for reading /proc/cpuinfo __min__.elf -
Reads CPU attributes 1 TTPs 45 IoCs
Processes:
__min__.elfdescription ioc Process File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/id __min__.elf File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/coherency_line_size __min__.elf File opened for reading /sys/devices/system/cpu/cpu0/cache/index1/level __min__.elf File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/number_of_sets __min__.elf File opened for reading /sys/devices/system/cpu/cpu0/cache/index8/shared_cpu_map __min__.elf File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/type __min__.elf File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/coherency_line_size __min__.elf File opened for reading /sys/devices/system/cpu/cpu0/cache/index6/shared_cpu_map __min__.elf File opened for reading /sys/devices/system/cpu/cpu0/topology/core_id __min__.elf File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/shared_cpu_map __min__.elf File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/size __min__.elf File opened for reading /sys/devices/system/cpu/cpu0/cache/index1/type __min__.elf File opened for reading /sys/devices/system/cpu/cpu0/cache/index1/id __min__.elf File opened for reading /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq __min__.elf File opened for reading /sys/devices/system/cpu/cpu0/cpu_capacity __min__.elf File opened for reading /sys/devices/system/cpu/cpu0/topology/cluster_cpus __min__.elf File opened for reading /sys/devices/system/cpu/cpu0/topology/physical_package_id __min__.elf File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/type __min__.elf File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/id __min__.elf File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/physical_line_partition __min__.elf File opened for reading /sys/devices/system/cpu/online __min__.elf File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/size __min__.elf File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/physical_line_partition __min__.elf File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/level __min__.elf File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/level __min__.elf File opened for reading /sys/devices/system/cpu/cpu0/cache/index4/shared_cpu_map __min__.elf File opened for reading /sys/devices/system/cpu/cpu0/cache/index7/shared_cpu_map __min__.elf File opened for reading /sys/devices/system/cpu/cpu0/topology/core_cpus __min__.elf File opened for reading /sys/devices/system/cpu/cpu0/topology/package_cpus __min__.elf File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/level __min__.elf File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/number_of_sets __min__.elf File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/id __min__.elf File opened for reading /sys/devices/system/cpu/cpu0/topology/die_cpus __min__.elf File opened for reading /sys/devices/system/cpu/cpu0/cache/index1/shared_cpu_map __min__.elf File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/shared_cpu_map __min__.elf File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/coherency_line_size __min__.elf File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/type __min__.elf File opened for reading /sys/devices/system/cpu/cpu0/cache/index9/shared_cpu_map __min__.elf File opened for reading /sys/devices/system/cpu/cpu0/cpufreq/base_frequency __min__.elf File opened for reading /sys/devices/system/cpu/possible __min__.elf File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/number_of_sets __min__.elf File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/size __min__.elf File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/physical_line_partition __min__.elf File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/shared_cpu_map __min__.elf File opened for reading /sys/devices/system/cpu/cpu0/cache/index5/shared_cpu_map __min__.elf -
Enumerates kernel/hardware configuration 1 TTPs 24 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
Processes:
__min__.elfdescription ioc Process File opened for reading /sys/devices/system/node/node0/access0/initiators/read_bandwidth __min__.elf File opened for reading /sys/devices/system/node/node0/access0/initiators/read_latency __min__.elf File opened for reading /sys/fs/cgroup/cgroup.controllers __min__.elf File opened for reading /sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages __min__.elf File opened for reading /sys/devices/system/node/node0/meminfo __min__.elf File opened for reading /sys/devices/system/node/node0/hugepages/hugepages-1048576kB/nr_hugepages __min__.elf File opened for reading /sys/bus/dax/devices __min__.elf File opened for reading /sys/devices/system/node/node0/access1/initiators __min__.elf File opened for reading /sys/fs/cgroup/cpuset.cpus.effective __min__.elf File opened for reading /sys/devices/cpu_atom/cpus __min__.elf File opened for reading /sys/kernel/mm/hugepages __min__.elf File opened for reading /sys/devices/system/node/node0/access0/initiators/write_bandwidth __min__.elf File opened for reading /sys/devices/system/cpu __min__.elf File opened for reading /sys/devices/cpu_core/cpus __min__.elf File opened for reading /sys/devices/system/node/node0/cpumap __min__.elf File opened for reading /sys/devices/system/node/node0/hugepages/hugepages-2048kB/nr_hugepages __min__.elf File opened for reading /sys/devices/system/node/node0/access0/initiators __min__.elf File opened for reading /sys/devices/virtual/dmi/id __min__.elf File opened for reading /sys/bus/soc/devices __min__.elf File opened for reading /sys/fs/cgroup/cpuset.mems.effective __min__.elf File opened for reading /sys/kernel/mm/hugepages/hugepages-1048576kB/nr_hugepages __min__.elf File opened for reading /sys/devices/system/node/online __min__.elf File opened for reading /sys/devices/system/node/node0/hugepages __min__.elf File opened for reading /sys/devices/system/node/node0/access0/initiators/write_latency __min__.elf -
Processes:
__min__.elfdescription ioc Process File opened for reading /proc/mounts __min__.elf File opened for reading /proc/self/cpuset __min__.elf File opened for reading /proc/meminfo __min__.elf File opened for reading /proc/driver/nvidia/gpus __min__.elf File opened for reading /proc/cmdline __min__.elf