xmrig

Sharing

Copy URL

Twitter E-mail

General

Target

b58ab5834a47562e7f9afb41b75e4f690b85afc5d41868419d10f7b35424ffad
Size

3.7MB
Sample

241102-rd67vswjgv
MD5

5d357cf334210f21031b9c4897838af4
SHA1

291853dfc2e6a0eb27dc77da684a865461fcaf52
SHA256

b58ab5834a47562e7f9afb41b75e4f690b85afc5d41868419d10f7b35424ffad
SHA512

f938b6fc04b58d5f6f8e06ea0204ded2d46313154deb09aaa12003fd2c363a3d07d3fdcb933a1eb21543e22f388f29e4577e3f90bb02b58c775035ad1bb49588
SSDEEP

98304:5nnfF660nTvDhOdbcwXbUYdzfvB7CR+5V4zzjnd5yF7W9qd:5nN6VEAuzXRCs5kd07QY

Score

10^/10

Malware Config

Targets

- Target
  
  yayaya miner/样本/Linux/shc加密脚本/24317B7BDEC69AD6C5075579D979669C
- Size
  
  20KB
- MD5
  
  24317b7bdec69ad6c5075579d979669c
- SHA1
  
  caa747522875e26231c4f804c69cf7162551dd19
- SHA256
  
  a41ab2dfb68bcab2418951aeeb43dc7489c18d3350c7559291d75f6434cfc08e
- SHA512
  
  63929b603f068777c4aecb7c272608d61e331631910b49f5e6422acf5bc0b361507347963745d220a34a1f7d731e50585d23bf78655764c1f741f317df592671
- SSDEEP
  
  192:wrcysh4igi6tqWw8yg86gzFlLV8lwVzI3/SqRUS94DjnO5phgrDINQkFt6:mil6tkogRlLV8lwVzI3/ShSyfIgvINtm
Score

1^/10
behavioral1 behavioral2 behavioral3 behavioral4
- Target
  
  yayaya miner/样本/Linux/shc加密脚本/2AEE6DC8E5F8A6AEEF78BD93CDBCD9B4
- Size
  
  32KB
- MD5
  
  2aee6dc8e5f8a6aeef78bd93cdbcd9b4
- SHA1
  
  98e3b6ce5b05a97a2b6c77a88f61f1a1f3d891f4
- SHA256
  
  0aa920ecef233dce94895ad1e258fa70855fbac8596d862e9a8266bb600c2a78
- SHA512
  
  de16183d16974d531fb123fb1c4065b7668cd554cf6ef48588d970e0562440164b9bc55dbe64c424ebf5798c2513d75d6dcaf8fa72d5ffa902ec7c7202e71531
- SSDEEP
  
  768:Dycp0iv+wlXrvIH+tBl+fnN5FRS2R/tX/NU38QV:m5ANmH+tB47DnRha38QV
Score

10^/10

xmrig_linux defense_evasion discovery evasion execution miner rootkit
- Xmrig_linux family
  xmrig_linux
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig_linux
- Loads a kernel module
  Loads a Linux kernel module, potentially to achieve persistence
  rootkit
- Deletes log files
  Deletes log files on the system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
- Reads list of loaded kernel modules
  Reads the list of currently loaded kernel modules, possibly to detect virtual environments.
  evasion
behavioral5
- Target
  
  yayaya miner/样本/Linux/挖矿程序/F9C6C41CCE5F8CCD296514DC4F6FBF08
- Size
  
  8.4MB
- MD5
  
  f9c6c41cce5f8ccd296514dc4f6fbf08
- SHA1
  
  09540622a201b724fbb67f5520bab13e400834de
- SHA256
  
  9e85eeee8ea44474affec898f2dd036e56ac034eb3f4eb5b6f633c25d6780ffd
- SHA512
  
  9170adb4f620bd168dd4548ebfba6a2834a1d2977596625bab9a4e936f65bdbb6a0179e6aba52b135194e91fab6a3b0387d94b5e0c617c8b17f795513d656f1f
- SSDEEP
  
  196608:5DN7pipUgdWB4u6YuuDRBPj9EwXdz26+gMRs:5DN7pipUgdWau6YucBPjudgM
Score

10^/10

xmrig_linux antivm discovery miner
- Xmrig_linux family
  xmrig_linux
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig_linux
- Checks hardware identifiers (DMI)
  Checks DMI information which indicate if the system is a virtual machine.
  antivm
- Reads hardware information
  Accesses system info like serial numbers, manufacturer names etc.
  discovery
behavioral6
- Target
  
  yayaya miner/样本/Linux/隐藏进程程序/0D01BD11D1D3E7676613AACB109DE55F
- Size
  
  14KB
- MD5
  
  0d01bd11d1d3e7676613aacb109de55f
- SHA1
  
  317f1a5ac392476d32920eeba5d5d5539ea0be2b
- SHA256
  
  45ed59d5b27d22567d91a65623d3b7f11726f55b497c383bc2d8d330e5e17161
- SHA512
  
  433450c6c4fbf2a9ea7eda816f872283ef548e7c8b35c22c8250d0a2d06f9cda862d64f1de799d635c1541ef7e5650548a7a9a6d3b8e64667dcdb7c471271b58
- SSDEEP
  
  192:fjU408Q7akapzlalhJYu4/c0B+4BIEQ1iZcXtCE7hwfn:fjo8QmDpp+MVZYti
Score

1^/10
behavioral7
- Target
  
  yayaya miner/样本/Linux/隐藏进程程序/C644C04BCE21DACDEB1E6C14C081E359
- Size
  
  818KB
- MD5
  
  c644c04bce21dacdeb1e6c14c081e359
- SHA1
  
  59f5b21ef8a570c02453b5edb0e750a42a1382f6
- SHA256
  
  7fe9d6d8b9390020862ca7dc9e69c1e2b676db5898e4bfad51d66250e9af3eaf
- SHA512
  
  0748de2583e3fd33a19b1180875a9e3991b1d5ac403152b65c247a701cf00c70b3ee87e5518e8d9f5102317647a45ed60f7e139c40b88c5396b76aba7d82f076
- SSDEEP
  
  12288:Vui9LWdJeS1cm27VCabT/BrVSr5oWOy7jaZH/QQwK54k2QPPVi97ATmsh1FjR8k:VumLWdJeS1cm27VtyXawuKQ3VwAiS1v
Score

1^/10
behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Unix Shell

T1059.004

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

T1070

Clear Linux or Mac System Logs

T1070.002

Virtualization/Sandbox Evasion

T1497

System Checks

T1497.001

Credential Access

Discovery

System Information Discovery

T1082

System Network Configuration Discovery

T1016

Virtualization/Sandbox Evasion

T1497

System Checks

T1497.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Xmrig_linux family

Loads a kernel module

Deletes log files

Enumerates running processes

Reads list of loaded kernel modules

Xmrig_linux family

xmrig

Checks hardware identifiers (DMI)

Reads hardware information

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8