General
-
Target
xmr_linux_amd64
-
Size
9.4MB
-
Sample
241022-qzr5dsxfqh
-
MD5
355086335423b9c48817e688e111a220
-
SHA1
b054fc63f8341f2837ad0f94af24ffc980c1ed57
-
SHA256
16601646d8a77944267e1011652f3b0c48a2c245a06986a0a9aca3afb87c7b11
-
SHA512
74e4f1933ee573c3f751fb96ec3a7b3db016af9ab7d19f5ef0191d2325feaa4923798aa52a2374efee191da6475e412c542d2c379e0f295f58287a561dfa10f8
-
SSDEEP
49152:Hu3qHoyXKo3Rhk9DO12pTZjCuXuNZHFWsdK0dpZQI9Y1IbgOSsQVDxTx/pQ5Enjh:O6IqaqqlEc6pCml59S1GEjAPqPhl
Malware Config
Targets
-
-
Target
xmr_linux_amd64
-
Size
9.4MB
-
MD5
355086335423b9c48817e688e111a220
-
SHA1
b054fc63f8341f2837ad0f94af24ffc980c1ed57
-
SHA256
16601646d8a77944267e1011652f3b0c48a2c245a06986a0a9aca3afb87c7b11
-
SHA512
74e4f1933ee573c3f751fb96ec3a7b3db016af9ab7d19f5ef0191d2325feaa4923798aa52a2374efee191da6475e412c542d2c379e0f295f58287a561dfa10f8
-
SSDEEP
49152:Hu3qHoyXKo3Rhk9DO12pTZjCuXuNZHFWsdK0dpZQI9Y1IbgOSsQVDxTx/pQ5Enjh:O6IqaqqlEc6pCml59S1GEjAPqPhl
Score10/10-
XMRig Miner payload
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
Modifies hosts file
Adds to hosts file used for mapping hosts to IP addresses.
-
OS Credential Dumping
Adversaries may attempt to dump credentials to use it in password cracking.
-
Abuse Elevation Control Mechanism: Sudo and Sudo Caching
Abuse sudo or cached sudo credentials to execute code.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Reads list of loaded kernel modules
Reads the list of currently loaded kernel modules, possibly to detect virtual environments.
-