General
-
Target
runnb.sh
-
Size
213B
-
Sample
241030-j6vqjazaqa
-
MD5
a1189543e2f98f6696c6d857b899ab0a
-
SHA1
30b167128357a05cb5ae4d8bd386d63839d99c4d
-
SHA256
a5951456684af2a46da1bcd8c820221c97b13a439db465c2b671fa3180d838d6
-
SHA512
472e7cd110beb4c0ff9990763988190c875dccecc726753e295d4419413bfd14ed867a9a5977adf2d6e87d6e80f18abbdd0a929473f02bbfb24e1531e71d7aef
Static task
static1
Behavioral task
behavioral1
Sample
runnb.sh
Resource
ubuntu2004-amd64-20240611-en
Behavioral task
behavioral2
Sample
runnb.sh
Resource
ubuntu2204-amd64-20240611-en
Behavioral task
behavioral3
Sample
runnb.sh
Resource
ubuntu2404-amd64-20240523-en
Malware Config
Targets
-
-
Target
runnb.sh
-
Size
213B
-
MD5
a1189543e2f98f6696c6d857b899ab0a
-
SHA1
30b167128357a05cb5ae4d8bd386d63839d99c4d
-
SHA256
a5951456684af2a46da1bcd8c820221c97b13a439db465c2b671fa3180d838d6
-
SHA512
472e7cd110beb4c0ff9990763988190c875dccecc726753e295d4419413bfd14ed867a9a5977adf2d6e87d6e80f18abbdd0a929473f02bbfb24e1531e71d7aef
-
XMRig Miner payload
-
Xmrig family
-
Xmrig_linux family
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
OS Credential Dumping
Adversaries may attempt to dump credentials to use it in password cracking.
-
Abuse Elevation Control Mechanism: Sudo and Sudo Caching
Abuse sudo or cached sudo credentials to execute code.
-
Checks hardware identifiers (DMI)
Checks DMI information which indicate if the system is a virtual machine.
-
Checks mountinfo of local process
Checks mountinfo of running processes which indicate if it is running in chroot jail.
-
Legitimate hosting services abused for malware hosting/C2
-
Reads hardware information
Accesses system info like serial numbers, manufacturer names etc.
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Abuse Elevation Control Mechanism
1Sudo and Sudo Caching
1File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Virtualization/Sandbox Evasion
3System Checks
3