General

  • Target

    .main.elf

  • Size

    918KB

  • Sample

    241103-lv22ks1gjj

  • MD5

    ef5bd456e596c4547ca089289bcae86c

  • SHA1

    f7a7e411275cc4866a31ed4935c7e04d5f9d832e

  • SHA256

    32ef08fa6f3819b255ddd3d4d77c63c17058e77550c217ae1714d0679f62802d

  • SHA512

    7098d12e4ef5a81af3d2dbcab7acf052042ad3a8b9cdbcf4de388fd241e90809a3daf3cfc37e03f0a3e3b5c2a927636df5fcaeb5df77bf950975de7a6e0cdd05

  • SSDEEP

    12288:q6Rw0BLiR6YngDkV5tkui3hp4Gyo5jBONt+zDyyUbRkoXd:q6Rw0OLngDkbtkuiRp43EjBoFk6

Malware Config

Targets

    • Target

      .main.elf

    • Size

      918KB

    • MD5

      ef5bd456e596c4547ca089289bcae86c

    • SHA1

      f7a7e411275cc4866a31ed4935c7e04d5f9d832e

    • SHA256

      32ef08fa6f3819b255ddd3d4d77c63c17058e77550c217ae1714d0679f62802d

    • SHA512

      7098d12e4ef5a81af3d2dbcab7acf052042ad3a8b9cdbcf4de388fd241e90809a3daf3cfc37e03f0a3e3b5c2a927636df5fcaeb5df77bf950975de7a6e0cdd05

    • SSDEEP

      12288:q6Rw0BLiR6YngDkV5tkui3hp4Gyo5jBONt+zDyyUbRkoXd:q6Rw0OLngDkbtkuiRp43EjBoFk6

    • XMRig Miner payload

    • Xmrig family

    • Xmrig_linux family

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Executes dropped EXE

    • Checks hardware identifiers (DMI)

      Checks DMI information which indicate if the system is a virtual machine.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Reads hardware information

      Accesses system info like serial numbers, manufacturer names etc.

MITRE ATT&CK Enterprise v15

Tasks