General

  • Target

    main

  • Size

    918KB

  • Sample

    241030-lnhdlayrft

  • MD5

    4567d8c6fc031d7e6ec7e05d7bf0875b

  • SHA1

    136ed52d890bc49b5dc2792d8b20511b88c24f9c

  • SHA256

    afd21d61ab393e3ee1512b07010756c8718be56ab9fe9b0359127f1e6e306509

  • SHA512

    90bb019e9ea322d2d4972bf043bdc2b798b3b5c5d8d42c0641072db64dce2bbfd3d34b7ff6bbefe0d3aabbb3dd54e15e5262dca3065d87f7299f321a173d7d97

  • SSDEEP

    12288:qfbx0BUBiCIT+yaXkeG2eNBRvlqoQfGO26dyynbikoYAw:qfbx0xCIT+xXkeGNNB33QR8kB1

Malware Config

Targets

    • Target

      main

    • Size

      918KB

    • MD5

      4567d8c6fc031d7e6ec7e05d7bf0875b

    • SHA1

      136ed52d890bc49b5dc2792d8b20511b88c24f9c

    • SHA256

      afd21d61ab393e3ee1512b07010756c8718be56ab9fe9b0359127f1e6e306509

    • SHA512

      90bb019e9ea322d2d4972bf043bdc2b798b3b5c5d8d42c0641072db64dce2bbfd3d34b7ff6bbefe0d3aabbb3dd54e15e5262dca3065d87f7299f321a173d7d97

    • SSDEEP

      12288:qfbx0BUBiCIT+yaXkeG2eNBRvlqoQfGO26dyynbikoYAw:qfbx0xCIT+xXkeGNNB33QR8kB1

    • XMRig Miner payload

    • Xmrig family

    • Xmrig_linux family

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Executes dropped EXE

    • Checks hardware identifiers (DMI)

      Checks DMI information which indicate if the system is a virtual machine.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Reads hardware information

      Accesses system info like serial numbers, manufacturer names etc.

MITRE ATT&CK Enterprise v15

Tasks