General
-
Target
initrd_6d6f0baa
-
Size
32KB
-
Sample
241024-bn55jsxgja
-
MD5
a3ba12b3990ff7518678c9c9a90e9aa8
-
SHA1
81375fad1155bb8a04fb229c311aac1ae28ebb17
-
SHA256
7dc6436dbcefb6bf21c7f50ee08ca25df00324c638ff3c9a25ff03636362794d
-
SHA512
2b2be2e25d0ca527e56d6aa4f4a980298b74f9a30876c9786de863881c2477735170d33f2239540765d1a53a75f79cdbf857dc971a2822badb01cbaec5185ef7
-
SSDEEP
384:yn+QBT1NLGhk8tGJAeMnsppgRE9hCxKpLIgP8JxvbIUpGJSnQVXUX7SbTR:y+QFT6dtGJAejpxf183bIUoAnQWObT
Malware Config
Targets
-
-
Target
initrd_6d6f0baa
-
Size
32KB
-
MD5
a3ba12b3990ff7518678c9c9a90e9aa8
-
SHA1
81375fad1155bb8a04fb229c311aac1ae28ebb17
-
SHA256
7dc6436dbcefb6bf21c7f50ee08ca25df00324c638ff3c9a25ff03636362794d
-
SHA512
2b2be2e25d0ca527e56d6aa4f4a980298b74f9a30876c9786de863881c2477735170d33f2239540765d1a53a75f79cdbf857dc971a2822badb01cbaec5185ef7
-
SSDEEP
384:yn+QBT1NLGhk8tGJAeMnsppgRE9hCxKpLIgP8JxvbIUpGJSnQVXUX7SbTR:y+QFT6dtGJAejpxf183bIUoAnQWObT
Score10/10-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
Deletes journal logs
Deletes systemd journal logs. Likely to evade detection.
-
Deletes system logs
Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.
-
Loads a kernel module
Loads a Linux kernel module, potentially to achieve persistence
-
Reads EFI boot settings
Reads EFI boot settings from the efivars filesystem, may contain security secrets or sensitive data.
-
Deletes log files
Deletes log files on the system.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads list of loaded kernel modules
Reads the list of currently loaded kernel modules, possibly to detect virtual environments.
-