xmrig | afd21d61ab393e3ee1512b07010756c8718be56ab9fe9b0359127f1e6e306509 | Triage

Submit
Reports

Overview

overview

Static

static

1

main

ubuntu-22.04-amd64

Sharing

General

Target

main
Size

918KB
Sample

241030-lnhdlayrft
MD5

4567d8c6fc031d7e6ec7e05d7bf0875b
SHA1

136ed52d890bc49b5dc2792d8b20511b88c24f9c
SHA256

afd21d61ab393e3ee1512b07010756c8718be56ab9fe9b0359127f1e6e306509
SHA512

90bb019e9ea322d2d4972bf043bdc2b798b3b5c5d8d42c0641072db64dce2bbfd3d34b7ff6bbefe0d3aabbb3dd54e15e5262dca3065d87f7299f321a173d7d97
SSDEEP

12288:qfbx0BUBiCIT+yaXkeG2eNBRvlqoQfGO26dyynbikoYAw:qfbx0xCIT+xXkeGNNB33QR8kB1

Score

10^/10

xmrig xmrig_linux antivm defense_evasion discovery execution linux miner persistence privilege_escalatio

Static task

static1

Behavioral task

behavioral1

Sample

main

Resource

ubuntu2204-amd64-20240611-en

xmrig xmrig_linux antivm defense_evasion discovery execution miner persistence privilege_escalatio

ubuntu-22.04-amd64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  main
- Size
  
  918KB
- MD5
  
  4567d8c6fc031d7e6ec7e05d7bf0875b
- SHA1
  
  136ed52d890bc49b5dc2792d8b20511b88c24f9c
- SHA256
  
  afd21d61ab393e3ee1512b07010756c8718be56ab9fe9b0359127f1e6e306509
- SHA512
  
  90bb019e9ea322d2d4972bf043bdc2b798b3b5c5d8d42c0641072db64dce2bbfd3d34b7ff6bbefe0d3aabbb3dd54e15e5262dca3065d87f7299f321a173d7d97
- SSDEEP
  
  12288:qfbx0BUBiCIT+yaXkeG2eNBRvlqoQfGO26dyynbikoYAw:qfbx0xCIT+xXkeGNNB33QR8kB1
Score

10^/10

xmrig xmrig_linux antivm defense_evasion discovery execution miner persistence privilege_escalatio
- XMRig Miner payload
  miner
- Xmrig family
  xmrig
- Xmrig_linux family
  xmrig_linux
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Executes dropped EXE
- Checks hardware identifiers (DMI)
  Checks DMI information which indicate if the system is a virtual machine.
  antivm
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  execution persistence privilege_escalatio
- Enumerates running processes
  Discovers information about currently running processes on the system
- Reads hardware information
  Accesses system info like serial numbers, manufacturer names etc.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Cron

Persistence

Scheduled Task/Job

Cron

Privilege Escalation

Scheduled Task/Job

Cron

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

System Information Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xmrigxmrig_linuxantivmdefense_evasiondiscoveryexecutionminerpersistenceprivilege_escalatio

© 2018-2024

Terms | Privacy