General
-
Target
xmr_linux_amd64 (1)
-
Size
9.3MB
-
Sample
241022-qghg8swgnc
-
MD5
30ed78992f6bfe3b10a1687950a46933
-
SHA1
11738358a01cae7cc1665903344656cc024bfca7
-
SHA256
a5045141162aebd4305f7eb40b3ca5ae76f2841c7d06bf65e9aa29d9ae3688a3
-
SHA512
a2e771bd3dcaec8fe2bdf2a08915db840f685bbf29d04e2bb4b9919e2dfbcf92368a7a9cf78096b1382d4864fad1ec6a270a4b82f05ce68109d0e42f816d3f1a
-
SSDEEP
49152:VpG6uvlGxmRazlSg7SYQJHyQJRHOVYggfvwMui0VPo5mX7XEcLUH/41rKSkR7N4G:XeMhyTQQrD4vVVimfk/FFiIEXMKQYC3
Malware Config
Targets
-
-
Target
xmr_linux_amd64 (1)
-
Size
9.3MB
-
MD5
30ed78992f6bfe3b10a1687950a46933
-
SHA1
11738358a01cae7cc1665903344656cc024bfca7
-
SHA256
a5045141162aebd4305f7eb40b3ca5ae76f2841c7d06bf65e9aa29d9ae3688a3
-
SHA512
a2e771bd3dcaec8fe2bdf2a08915db840f685bbf29d04e2bb4b9919e2dfbcf92368a7a9cf78096b1382d4864fad1ec6a270a4b82f05ce68109d0e42f816d3f1a
-
SSDEEP
49152:VpG6uvlGxmRazlSg7SYQJHyQJRHOVYggfvwMui0VPo5mX7XEcLUH/41rKSkR7N4G:XeMhyTQQrD4vVVimfk/FFiIEXMKQYC3
Score10/10-
XMRig Miner payload
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
Executes dropped EXE
-
Modifies hosts file
Adds to hosts file used for mapping hosts to IP addresses.
-
OS Credential Dumping
Adversaries may attempt to dump credentials to use it in password cracking.
-
Abuse Elevation Control Mechanism: Sudo and Sudo Caching
Abuse sudo or cached sudo credentials to execute code.
-
Checks hardware identifiers (DMI)
Checks DMI information which indicate if the system is a virtual machine.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Reads hardware information
Accesses system info like serial numbers, manufacturer names etc.
-
Reads list of loaded kernel modules
Reads the list of currently loaded kernel modules, possibly to detect virtual environments.
-