General

  • Target

    xmr_linux_amd64

  • Size

    9.4MB

  • Sample

    241022-qzr5dsxfqh

  • MD5

    355086335423b9c48817e688e111a220

  • SHA1

    b054fc63f8341f2837ad0f94af24ffc980c1ed57

  • SHA256

    16601646d8a77944267e1011652f3b0c48a2c245a06986a0a9aca3afb87c7b11

  • SHA512

    74e4f1933ee573c3f751fb96ec3a7b3db016af9ab7d19f5ef0191d2325feaa4923798aa52a2374efee191da6475e412c542d2c379e0f295f58287a561dfa10f8

  • SSDEEP

    49152:Hu3qHoyXKo3Rhk9DO12pTZjCuXuNZHFWsdK0dpZQI9Y1IbgOSsQVDxTx/pQ5Enjh:O6IqaqqlEc6pCml59S1GEjAPqPhl

Malware Config

Targets

    • Target

      xmr_linux_amd64

    • XMRig Miner payload

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner, most commonly used to mine Monero (XMR).

    • Modifies hosts file

      Adds entries to the hosts file (/etc/hosts on Linux), which maps hostnames to IP addresses and is consulted before DNS; miners use this to redirect or block rival pools and update servers.

    • OS Credential Dumping

      Adversaries may attempt to dump credentials (on Linux, typically the password hashes in /etc/shadow) for offline password cracking.

    • Abuse Elevation Control Mechanism: Sudo and Sudo Caching

      Abuses sudo, or a still-valid cached sudo credential timestamp, to execute code with elevated privileges.

    • Enumerates running processes

      Discovers information about the processes currently running on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Reads list of loaded kernel modules

      Reads the list of currently loaded kernel modules, possibly to detect a virtualised or sandboxed environment (for example, VirtualBox, VMware or virtio guest modules).
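
    The behaviours tagged above (hosts-file modification, process enumeration with an XMRig payload, and kernel-module reads) can be checked on a suspect Linux host with a few lines of Python. The block below is an added example for this page, not code from the sandbox report or from XMRig, and every input it runs on is constructed: the /etc/hosts contents, the process table, the module list and the hostnames and paths in them are invented for the demonstration and are not indicators taken from the 241022-qzr5dsxfqh sample. The long option names in XMRIG_LONG_FLAGS are XMRig's own command-line options; treating two of them, or any stratum URL, as a miner indicator is this example's own heuristic.

```python
"""Triage checks for the behaviours listed above, run over constructed sample data.

Added example, not from the sandbox report or from XMRig. All inputs below are
constructed; nothing here is an indicator extracted from the analysed sample.
"""
import re
from typing import Dict, List, Set, Tuple

# --- Modifies hosts file -----------------------------------------------------
# Constructed: a clean /etc/hosts baseline and the same file after two entries
# were appended. Pointing a hostname at loopback or 0.0.0.0 "sinkholes" it.
HOSTS_BASELINE = """\
127.0.0.1   localhost
::1         localhost ip6-localhost ip6-loopback
"""
HOSTS_CURRENT = HOSTS_BASELINE + """\
# appended after infection (constructed)
0.0.0.0     pool.example-rival.net
127.0.0.1   updates.example-av.com
"""
SINKHOLE_IPS = {"0.0.0.0", "127.0.0.1", "::1"}


def parse_hosts(text: str) -> Set[Tuple[str, str]]:
    """Return (ip, hostname) pairs; comments and blank lines are ignored."""
    entries: Set[Tuple[str, str]] = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        entries.update((ip, name.lower()) for name in names)
    return entries


def hosts_additions(baseline: str, current: str) -> List[Tuple[str, str]]:
    """Entries present now but absent from the baseline, sorted for stable output."""
    return sorted(parse_hosts(current) - parse_hosts(baseline))


def sinkholed_names(additions: List[Tuple[str, str]]) -> List[str]:
    """New names mapped to loopback/null: used to block rival pools or updaters."""
    return [name for ip, name in additions if ip in SINKHOLE_IPS]


# --- Enumerates running processes / XMRig payload -----------------------------
# Long options from XMRig's --help. Several of them on a binary not called xmrig
# suggest a renamed miner; short flags such as -o/-u/-p are too generic to count.
XMRIG_LONG_FLAGS = {
    "--url", "--user", "--pass", "--algo", "--coin", "--donate-level",
    "--keepalive", "--tls", "--randomx-1gb-pages", "--cpu-max-threads-hint",
}
STRATUM_RE = re.compile(r"stratum\+(tcp|ssl)://", re.IGNORECASE)

# Constructed process table as (pid, argv); argv is what /proc/<pid>/cmdline
# yields after splitting on NUL. Paths and wallet are invented.
PROCESSES: List[Tuple[int, List[str]]] = [
    (412, ["/usr/sbin/sshd", "-D"]),
    (1337, ["/tmp/.cache/.sysupd", "-o", "stratum+tcp://pool.example:3333",
            "-u", "4A...wallet", "--donate-level=0", "-k"]),
    (2001, ["/usr/bin/python3", "app.py", "--url=https://api.example/v1"]),
]


def miner_indicators(argv: List[str]) -> List[str]:
    """Indicators in one command line: 'stratum' and/or matched XMRig long flags."""
    hits: List[str] = []
    if STRATUM_RE.search(" ".join(argv)):
        hits.append("stratum")
    hits.extend(tok.split("=", 1)[0] for tok in argv[1:]
                if tok.split("=", 1)[0] in XMRIG_LONG_FLAGS)
    return hits


def suspicious_pids(procs: List[Tuple[int, List[str]]]) -> Dict[int, List[str]]:
    """PIDs flagged as probable miners: a stratum URL, or two or more long flags."""
    out: Dict[int, List[str]] = {}
    for pid, argv in procs:
        hits = miner_indicators(argv)
        if "stratum" in hits or len(hits) >= 2:
            out[pid] = hits
    return out


# --- Reads list of loaded kernel modules -------------------------------------
# Module-name prefixes seen only inside VirtualBox, VMware, KVM/virtio, Hyper-V
# or Xen guests; a sample reading /proc/modules may be looking for these.
VM_MODULE_PREFIXES = ("vbox", "vmw_", "vmxnet", "virtio", "hv_", "xen")

# Constructed /proc/modules excerpt (name size refcount deps state address).
PROC_MODULES = """\
vboxguest 356352 2 vboxsf, Live 0x0000000000000000
vboxsf 86016 0 - Live 0x0000000000000000
virtio_net 53248 0 - Live 0x0000000000000000
ext4 745472 1 - Live 0x0000000000000000
"""


def vm_modules(proc_modules_text: str) -> List[str]:
    """Loaded modules whose names reveal a hypervisor guest."""
    names = (ln.split()[0] for ln in proc_modules_text.splitlines() if ln.strip())
    return [n for n in names if n.startswith(VM_MODULE_PREFIXES)]


if __name__ == "__main__":
    adds = hosts_additions(HOSTS_BASELINE, HOSTS_CURRENT)
    print("hosts additions:", adds)
    print("sinkholed names:", sinkholed_names(adds))
    print("probable miners:", suspicious_pids(PROCESSES))
    print("VM guest modules:", vm_modules(PROC_MODULES))
```

    On a live host, feed parse_hosts the real /etc/hosts against a known-good copy from a package baseline or backup, build the process table from /proc/*/cmdline, and read /proc/modules directly. The third constructed process, a web client passing --url, is left unflagged on purpose: a single generic long flag without a stratum URL is not enough evidence of a miner.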

MITRE ATT&CK Enterprise v15

Tasks