metasploit | 3d8925edeadd34930c9118cf551c581d2422b618930cff4701006affb60f0c40 | Triage

Submit
Reports

Overview

overview

Static

static

2636f4d5fa...35.elf

ubuntu-22.04-amd64

Sharing

General

Target

a3a1adfcbc6207f3e6e0c35d3cf03904.bin
Size

1KB
Sample

241020-byjz3a1crc
MD5

6b2fb0bdc6470c238ca377a50a5652b1
SHA1

2000fb97a7fb8ad8d4ef4a05281cffa1ddb2789e
SHA256

3d8925edeadd34930c9118cf551c581d2422b618930cff4701006affb60f0c40
SHA512

f89083997e336b6f32927d2e6a8f0a435b13f08a5bb06aa9ff65f5723274e3d5164d133694fd4dba2fa40f30eb65cee749e0b131a6832f95a73184059c76a6d3

Score

10^/10

metasploit xmrig antivm backdoor defense_evasion discovery execution linux miner persistence privilege_escalatio trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2636f4d5fa29c3747036d385c3eee167aba1aad58c29597d21df7e42c6149a35.elf

Resource

ubuntu2204-amd64-20240611-en

metasploit xmrig antivm backdoor defense_evasion discovery execution miner persistence privilege_escalatio trojan

ubuntu-22.04-amd64

14 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Targets

- Target
  
  2636f4d5fa29c3747036d385c3eee167aba1aad58c29597d21df7e42c6149a35.elf
- Size
  
  1KB
- MD5
  
  a3a1adfcbc6207f3e6e0c35d3cf03904
- SHA1
  
  f10f7793d4d78120395d11d7020ab626995e2c01
- SHA256
  
  2636f4d5fa29c3747036d385c3eee167aba1aad58c29597d21df7e42c6149a35
- SHA512
  
  d66495bda3366633baed9e80dafb494bbe39cccb331a1b031c239650866489d6e45db7a9e5f3fe4e951e3f321d9eb9a0c7abf00ede54f6548c4235b9ef3debf9
Score

10^/10

metasploit xmrig antivm backdoor defense_evasion discovery execution miner persistence privilege_escalatio trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- XMRig Miner payload
  miner
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Executes dropped EXE
- Checks hardware identifiers (DMI)
  Checks DMI information which indicate if the system is a virtual machine.
  antivm
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  execution persistence privilege_escalatio
- Reads hardware information
  Accesses system info like serial numbers, manufacturer names etc.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Unix Shell

Scheduled Task/Job

Cron

Persistence

Scheduled Task/Job

Cron

Privilege Escalation

Scheduled Task/Job

Cron

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

System Information Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitxmrigantivmbackdoordefense_evasiondiscoveryexecutionminerpersistenceprivilege_escalatiotrojan

© 2018-2024

Terms | Privacy