Overview
overview
10Static
static
10yayaya min...79669C
ubuntu-18.04-amd64
yayaya min...79669C
debian-9-armhf
yayaya min...79669C
debian-9-mips
yayaya min...79669C
debian-9-mipsel
yayaya min...BCD9B4
ubuntu-22.04-amd64
10yayaya min...6FBF08
ubuntu-24.04-amd64
10yayaya min...9DE55F
ubuntu-22.04-amd64
yayaya min...81E359
ubuntu-22.04-amd64
1Analysis
-
max time kernel
149s -
max time network
143s -
platform
ubuntu-24.04_amd64 -
resource
ubuntu2404-amd64-20240729-en -
resource tags
arch:amd64arch:i386image:ubuntu2404-amd64-20240729-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system -
submitted
02-11-2024 14:05
Behavioral task
behavioral1
Sample
yayaya miner/样本/Linux/shc加密脚本/24317B7BDEC69AD6C5075579D979669C
Resource
ubuntu1804-amd64-20240611-en
ubuntu-18.04-amd64
0 signatures
150 seconds
Behavioral task
behavioral2
Sample
yayaya miner/样本/Linux/shc加密脚本/24317B7BDEC69AD6C5075579D979669C
Resource
debian9-armhf-20240611-en
debian-9-armhf
0 signatures
150 seconds
Behavioral task
behavioral3
Sample
yayaya miner/样本/Linux/shc加密脚本/24317B7BDEC69AD6C5075579D979669C
Resource
debian9-mipsbe-20240729-en
debian-9-mips
0 signatures
150 seconds
Behavioral task
behavioral4
Sample
yayaya miner/样本/Linux/shc加密脚本/24317B7BDEC69AD6C5075579D979669C
Resource
debian9-mipsel-20240611-en
debian-9-mipsel
0 signatures
150 seconds
Behavioral task
behavioral5
Sample
yayaya miner/样本/Linux/shc加密脚本/2AEE6DC8E5F8A6AEEF78BD93CDBCD9B4
Resource
ubuntu2204-amd64-20240611-en
ubuntu-22.04-amd64
10 signatures
150 seconds
Behavioral task
behavioral6
Sample
yayaya miner/样本/Linux/挖矿程序/F9C6C41CCE5F8CCD296514DC4F6FBF08
Resource
ubuntu2404-amd64-20240729-en
ubuntu-24.04-amd64
8 signatures
150 seconds
Behavioral task
behavioral7
Sample
yayaya miner/样本/Linux/隐藏进程程序/0D01BD11D1D3E7676613AACB109DE55F
Resource
ubuntu2204-amd64-20240611-en
ubuntu-22.04-amd64
0 signatures
150 seconds
Behavioral task
behavioral8
Sample
yayaya miner/样本/Linux/隐藏进程程序/C644C04BCE21DACDEB1E6C14C081E359
Resource
ubuntu2204-amd64-20240522.1-en
ubuntu-22.04-amd64
0 signatures
150 seconds
General
-
Target
yayaya miner/样本/Linux/挖矿程序/F9C6C41CCE5F8CCD296514DC4F6FBF08
-
Size
8.4MB
-
MD5
f9c6c41cce5f8ccd296514dc4f6fbf08
-
SHA1
09540622a201b724fbb67f5520bab13e400834de
-
SHA256
9e85eeee8ea44474affec898f2dd036e56ac034eb3f4eb5b6f633c25d6780ffd
-
SHA512
9170adb4f620bd168dd4548ebfba6a2834a1d2977596625bab9a4e936f65bdbb6a0179e6aba52b135194e91fab6a3b0387d94b5e0c617c8b17f795513d656f1f
-
SSDEEP
196608:5DN7pipUgdWB4u6YuuDRBPj9EwXdz26+gMRs:5DN7pipUgdWau6YucBPjudgM
Score
10/10
Malware Config
Signatures
-
Xmrig_linux family
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
Checks hardware identifiers (DMI) 1 TTPs 4 IoCs
Checks DMI information which indicate if the system is a virtual machine.
Processes:
F9C6C41CCE5F8CCD296514DC4F6FBF08description ioc Process File opened for reading /sys/devices/virtual/dmi/id/product_name F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/devices/virtual/dmi/id/board_vendor F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/devices/virtual/dmi/id/bios_vendor F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/devices/virtual/dmi/id/sys_vendor F9C6C41CCE5F8CCD296514DC4F6FBF08 -
Reads hardware information 1 TTPs 14 IoCs
Accesses system info like serial numbers, manufacturer names etc.
Processes:
F9C6C41CCE5F8CCD296514DC4F6FBF08description ioc Process File opened for reading /sys/devices/virtual/dmi/id/bios_date F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/devices/virtual/dmi/id/board_name F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/devices/virtual/dmi/id/board_version F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/devices/virtual/dmi/id/board_serial F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/devices/virtual/dmi/id/chassis_vendor F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/devices/virtual/dmi/id/bios_version F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/devices/virtual/dmi/id/product_uuid F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/devices/virtual/dmi/id/chassis_type F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/devices/virtual/dmi/id/chassis_serial F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/devices/virtual/dmi/id/chassis_asset_tag F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/devices/virtual/dmi/id/product_version F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/devices/virtual/dmi/id/product_serial F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/devices/virtual/dmi/id/board_asset_tag F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/devices/virtual/dmi/id/chassis_version F9C6C41CCE5F8CCD296514DC4F6FBF08 -
Checks CPU configuration 1 TTPs 1 IoCs
Checks CPU information which indicate if the system is a virtual machine.
Processes:
F9C6C41CCE5F8CCD296514DC4F6FBF08description ioc Process File opened for reading /proc/cpuinfo F9C6C41CCE5F8CCD296514DC4F6FBF08 -
Reads CPU attributes 1 TTPs 2 IoCs
Processes:
F9C6C41CCE5F8CCD296514DC4F6FBF08description ioc Process File opened for reading /sys/devices/system/cpu/online F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/devices/system/cpu/possible F9C6C41CCE5F8CCD296514DC4F6FBF08 -
Enumerates kernel/hardware configuration 1 TTPs 64 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
Processes:
F9C6C41CCE5F8CCD296514DC4F6FBF08description ioc Process File opened for reading /sys/bus/cpu/devices/cpu0/cache/index2/physical_line_partition F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/bus/cpu/devices/cpu0/cache/index9/shared_cpu_map F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/devices/system/node/online F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/firmware/dmi/tables/smbios_entry_point F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/bus/cpu/devices/cpu0/cache/index0/id F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/bus/cpu/devices/cpu0/cache/index0/coherency_line_size F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/bus/cpu/devices/cpu0/cache/index3/size F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/bus/cpu/devices/cpu0/cache/index5/shared_cpu_map F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/kernel/mm/hugepages F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/bus/node/devices/node0/hugepages F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/bus/cpu/devices/cpu0/cpu_capacity F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/bus/node/devices/node0/cpumap F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/devices/system/node/node0/hugepages/hugepages-2048kB/nr_hugepages F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/bus/cpu/devices/cpu0/cache/index1/level F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/bus/cpu/devices/cpu0/cache/index2/level F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/bus/cpu/devices/cpu0/cache/index1/shared_cpu_map F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/bus/cpu/devices/cpu0/cache/index1/type F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/bus/cpu/devices/cpu0/cache/index3/shared_cpu_map F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/bus/cpu/devices/cpu0/cache/index3/coherency_line_size F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/bus/node/devices/node0/access1/initiators F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/bus/cpu/devices/cpu0/cache/index2/type F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/firmware/dmi/tables/DMI F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/bus/cpu/devices/cpu0/cache/index2/id F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/bus/cpu/devices/cpu0/cache/index7/shared_cpu_map F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/bus/node/devices/node0/hugepages/hugepages-1048576kB/nr_hugepages F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/bus/cpu/devices/cpu0/topology/core_cpus F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/bus/cpu/devices/cpu0/cache/index0/shared_cpu_map F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/bus/node/devices/node0/meminfo F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/bus/node/devices/node0/hugepages/hugepages-2048kB/nr_hugepages F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/bus/node/devices/node0/access0/initiators/read_latency F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/bus/cpu/devices/cpu0/topology/die_cpus F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/bus/cpu/devices/cpu0/topology/physical_package_id F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/bus/cpu/devices/cpu0/cache/index1/id F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/bus/cpu/devices/cpu0/cpufreq/base_frequency F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/kernel/mm/hugepages/hugepages-1048576kB/nr_hugepages F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/bus/dax/devices/target_node F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/bus/cpu/devices/cpu0/topology/package_cpus F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/bus/cpu/devices/cpu0/cpufreq/cpuinfo_max_freq F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/bus/node/devices/node0/access0/initiators F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/devices/system/node/node0/hugepages/hugepages-2048kB/free_hugepages F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/bus/cpu/devices F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/bus/cpu/devices/cpu0/cache/index2/coherency_line_size F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/bus/dax/devices F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/bus/dax/target_node F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/devices/virtual/dmi/id F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/fs/cgroup/cpuset.cpus.effective F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/bus/cpu/devices/cpu0/topology/core_id F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/bus/cpu/devices/cpu0/topology/cluster_cpus F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/bus/cpu/devices/cpu0/cache/index0/level F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/bus/cpu/devices/cpu0/cache/index0/number_of_sets F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/bus/cpu/devices/cpu0/cache/index3/id F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/bus/cpu/devices/cpu0/cache/index6/shared_cpu_map F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/fs/cgroup/cpuset.mems.effective F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/bus/cpu/devices/cpu0/cache/index2/shared_cpu_map F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/bus/cpu/devices/cpu0/cache/index3/type F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/bus/cpu/devices/cpu0/cache/index4/shared_cpu_map F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/bus/node/devices/node0/access0/initiators/read_bandwidth F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/bus/cpu/devices/cpu0/cache/index2/size F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/bus/cpu/devices/cpu0/cache/index2/number_of_sets F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/bus/cpu/devices/cpu0/cache/index3/number_of_sets F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/fs/cgroup/cgroup.controllers F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/bus/cpu/devices/cpu0/cache/index0/type F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /sys/bus/cpu/devices/cpu0/cache/index0/size F9C6C41CCE5F8CCD296514DC4F6FBF08 -
Processes:
F9C6C41CCE5F8CCD296514DC4F6FBF08description ioc Process File opened for reading /proc/mounts F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /proc/self/cpuset F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /proc/meminfo F9C6C41CCE5F8CCD296514DC4F6FBF08 File opened for reading /proc/driver/nvidia/gpus F9C6C41CCE5F8CCD296514DC4F6FBF08
Processes
-
/tmp/yayaya miner/样本/Linux/挖矿程序/F9C6C41CCE5F8CCD296514DC4F6FBF08"/tmp/yayaya miner/样本/Linux/挖矿程序/F9C6C41CCE5F8CCD296514DC4F6FBF08"1⤵
- Checks hardware identifiers (DMI)
- Reads hardware information
- Checks CPU configuration
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:2479