General
-
Target
32ef08fa6f3819b255ddd3d4d77c63c17058e77550c217ae1714d0679f62802d.elf
-
Size
918KB
-
Sample
241104-cn43xs1bne
-
MD5
ef5bd456e596c4547ca089289bcae86c
-
SHA1
f7a7e411275cc4866a31ed4935c7e04d5f9d832e
-
SHA256
32ef08fa6f3819b255ddd3d4d77c63c17058e77550c217ae1714d0679f62802d
-
SHA512
7098d12e4ef5a81af3d2dbcab7acf052042ad3a8b9cdbcf4de388fd241e90809a3daf3cfc37e03f0a3e3b5c2a927636df5fcaeb5df77bf950975de7a6e0cdd05
-
SSDEEP
12288:q6Rw0BLiR6YngDkV5tkui3hp4Gyo5jBONt+zDyyUbRkoXd:q6Rw0OLngDkbtkuiRp43EjBoFk6
Malware Config
Targets
-
-
Target
32ef08fa6f3819b255ddd3d4d77c63c17058e77550c217ae1714d0679f62802d.elf
-
Size
918KB
-
MD5
ef5bd456e596c4547ca089289bcae86c
-
SHA1
f7a7e411275cc4866a31ed4935c7e04d5f9d832e
-
SHA256
32ef08fa6f3819b255ddd3d4d77c63c17058e77550c217ae1714d0679f62802d
-
SHA512
7098d12e4ef5a81af3d2dbcab7acf052042ad3a8b9cdbcf4de388fd241e90809a3daf3cfc37e03f0a3e3b5c2a927636df5fcaeb5df77bf950975de7a6e0cdd05
-
SSDEEP
12288:q6Rw0BLiR6YngDkV5tkui3hp4Gyo5jBONt+zDyyUbRkoXd:q6Rw0OLngDkbtkuiRp43EjBoFk6
Score10/10-
XMRig Miner payload
-
Xmrig family
-
Xmrig_linux family
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Checks hardware identifiers (DMI)
Checks DMI information which indicate if the system is a virtual machine.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads hardware information
Accesses system info like serial numbers, manufacturer names etc.
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Virtualization/Sandbox Evasion
2System Checks
2