General
-
Target
.main.elf
-
Size
918KB
-
Sample
241030-sylmbsvncw
-
MD5
1b1445cab8443509f13769a3c479404f
-
SHA1
9b1fcc3637f92d8fa281f7ab2243cb382f4be285
-
SHA256
864a395c401c668ac8e23aa27eb4bc281e3734d4eafc29178174d79bae48a173
-
SHA512
1555c924ad0b94e1189eebe6c091282a9f65d82a46af1cc02f994fc2efdfe0e3de278ad0aa9e699733530c3b654e4249e8b045a2b0690d0a3cd97b0ff99adedb
-
SSDEEP
12288:3LCQ0Bliw+6jJlLBkVVXNaasdLg3HLsyRE+9buxxRHKyyubFkDfHx:3LCQ01+6jJHkVVXMasdLg3LZNb0vkT
Static task
static1
Behavioral task
behavioral1
Sample
.main.elf
Resource
ubuntu2404-amd64-20240523-en
Malware Config
Targets
-
-
Target
.main.elf
-
Size
918KB
-
MD5
1b1445cab8443509f13769a3c479404f
-
SHA1
9b1fcc3637f92d8fa281f7ab2243cb382f4be285
-
SHA256
864a395c401c668ac8e23aa27eb4bc281e3734d4eafc29178174d79bae48a173
-
SHA512
1555c924ad0b94e1189eebe6c091282a9f65d82a46af1cc02f994fc2efdfe0e3de278ad0aa9e699733530c3b654e4249e8b045a2b0690d0a3cd97b0ff99adedb
-
SSDEEP
12288:3LCQ0Bliw+6jJlLBkVVXNaasdLg3HLsyRE+9buxxRHKyyubFkDfHx:3LCQ01+6jJHkVVXMasdLg3LZNb0vkT
-
XMRig Miner payload
-
Xmrig family
-
Xmrig_linux family
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Checks hardware identifiers (DMI)
Checks DMI information which indicate if the system is a virtual machine.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads hardware information
Accesses system info like serial numbers, manufacturer names etc.
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Virtualization/Sandbox Evasion
2System Checks
2