General

  • Target

    initrd_6d6f0baa

  • Size

    32KB

  • Sample

    241024-bn55jsxgja

  • MD5

    a3ba12b3990ff7518678c9c9a90e9aa8

  • SHA1

    81375fad1155bb8a04fb229c311aac1ae28ebb17

  • SHA256

    7dc6436dbcefb6bf21c7f50ee08ca25df00324c638ff3c9a25ff03636362794d

  • SHA512

    2b2be2e25d0ca527e56d6aa4f4a980298b74f9a30876c9786de863881c2477735170d33f2239540765d1a53a75f79cdbf857dc971a2822badb01cbaec5185ef7

  • SSDEEP

    384:yn+QBT1NLGhk8tGJAeMnsppgRE9hCxKpLIgP8JxvbIUpGJSnQVXUX7SbTR:y+QFT6dtGJAejpxf183bIUoAnQWObT

Malware Config

Targets

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • Deletes journal logs

      Deletes systemd journal logs. Likely to evade detection.

    • Deletes system logs

      Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.

    • Loads a kernel module

      Loads a Linux kernel module, potentially to achieve persistence.

    • Reads EFI boot settings

      Reads EFI boot settings from the efivars filesystem, which may contain security secrets or sensitive data.

    • Deletes log files

      Deletes log files on the system.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Reads list of loaded kernel modules

      Reads the list of currently loaded kernel modules, possibly to detect virtual environments.

MITRE ATT&CK Enterprise v15

Tasks