Overview

overview

10

Static

static

1

runnb.sh

debian-9-mipsel

7

runnb.sh

ubuntu-20.04-amd64

10

runnb.sh

ubuntu-22.04-amd64

10

runnb.sh

ubuntu-24.04-amd64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    runnb.sh

  • Size

    213B

  • Sample

    241030-qfn9dssngy

  • MD5

    a1189543e2f98f6696c6d857b899ab0a

  • SHA1

    30b167128357a05cb5ae4d8bd386d63839d99c4d

  • SHA256

    a5951456684af2a46da1bcd8c820221c97b13a439db465c2b671fa3180d838d6

  • SHA512

    472e7cd110beb4c0ff9990763988190c875dccecc726753e295d4419413bfd14ed867a9a5977adf2d6e87d6e80f18abbdd0a929473f02bbfb24e1531e71d7aef

Score
10/10
xmrigxmrig_linuxantivmcredential_accessdefense_evasiondiscoverylinuxminerprivilege_escalation

Malware Config

Targets

    • Target

      runnb.sh

    • Size

      213B

    • MD5

      a1189543e2f98f6696c6d857b899ab0a

    • SHA1

      30b167128357a05cb5ae4d8bd386d63839d99c4d

    • SHA256

      a5951456684af2a46da1bcd8c820221c97b13a439db465c2b671fa3180d838d6

    • SHA512

      472e7cd110beb4c0ff9990763988190c875dccecc726753e295d4419413bfd14ed867a9a5977adf2d6e87d6e80f18abbdd0a929473f02bbfb24e1531e71d7aef

    Score
    10/10
    defense_evasiondiscoveryprivilege_escalationxmrigxmrig_linuxantivmcredential_accessminer

    • XMRig Miner payload

      miner

    • Xmrig family

      xmrig

    • Xmrig_linux family

      xmrig_linux

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig_linux

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

      defense_evasion

    • Executes dropped EXE

    • OS Credential Dumping

      Adversaries may attempt to dump credentials to use it in password cracking.

      credential_access

    • Abuse Elevation Control Mechanism: Sudo and Sudo Caching

      Abuse sudo or cached sudo credentials to execute code.

      privilege_escalationdefense_evasion

    • Checks hardware identifiers (DMI)

      Checks DMI information which indicate if the system is a virtual machine.

      antivm

    • Checks mountinfo of local process

      Checks mountinfo of running processes which indicate if it is running in chroot jail.

      antivm

    • Legitimate hosting services abused for malware hosting/C2

    • Reads hardware information

      Accesses system info like serial numbers, manufacturer names etc.

      discovery
    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks