Resubmissions

10/12/2024, 18:27 UTC

241210-w322naxrgk 10

15/11/2024, 17:55 UTC

241115-whtvjsyfpp 10

15/11/2024, 17:48 UTC

241115-wdwtcaxphy 10

Analysis

  • max time kernel
    5s
  • max time network
    5s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240611-en
  • resource tags

    arch:amd64, arch:i386, image:ubuntu1804-amd64-20240611-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
  • submitted
    15/11/2024, 17:48 UTC

General

  • Target

    netaddr

  • Size

    2.7MB

  • MD5

    d3ded6e2bc7c3be35de8e21b3a6f6377

  • SHA1

    2c76eb217720e628cd230e9543846802f813c203

  • SHA256

    0730bcc54e11905817761dad591a0a69fee73c14c5f16ea155034383976b24b2

  • SHA512

    55a2c4f39642c56ee7ee00ef49c47086ff08017d969c354858c37a7ccc1c729e424f376b58e60aa178dd96431be82fe97592e9c12a0d6dc96440253fd1a1e124

  • SSDEEP

    49152:TaSTsKoIsBdROFjHTlmvhnKHK9gzNKgvHbRtbJ+oTBT+VvmRut++pLL0rfsDoNQU:TdsBdROFjHTgvhKHKAKgvHbRtb0ysVvE

Malware Config

Signatures

  • Xmrig family
  • Xmrig_linux family
  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

  • XMRig Miner payload 1 IoCs
  • Checks hardware identifiers (DMI) 1 TTPs 4 IoCs

    Checks DMI information that indicates whether the system is a virtual machine.

  • Reads hardware information 1 TTPs 14 IoCs

    Accesses system information such as serial numbers, manufacturer names, etc.

  • Checks CPU configuration 1 TTPs 1 IoCs

    Checks CPU information that indicates whether the system is a virtual machine.

  • Reads CPU attributes 1 TTPs 45 IoCs
  • Enumerates kernel/hardware configuration 1 TTPs 24 IoCs

    Reads contents of /sys virtual filesystem to enumerate system information.

  • Reads runtime system information 8 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/netaddr
    /tmp/netaddr
    1⤵
    • Checks hardware identifiers (DMI)
    • Reads hardware information
    • Checks CPU configuration
    • Reads CPU attributes
    • Enumerates kernel/hardware configuration
    • Reads runtime system information
    PID:1504

Network

  • DNS query (flag: us) to 1.1.1.1:53
    Request: auto.c3pool.org IN A
    Response: auto.c3pool.org IN A 5.75.158.61; auto.c3pool.org IN A 88.198.117.174
  • DNS query (flag: us) to 1.1.1.1:53
    Request: auto.c3pool.org IN AAAA
    Response: (no records returned)
  • DNS query (flag: us) to 1.1.1.1:53
    Request: ocp-ingress.fastly.gnome.org IN A
    Response: ocp-ingress.fastly.gnome.org IN A 151.101.65.91; IN A 151.101.129.91; IN A 151.101.193.91; IN A 151.101.1.91
  • 185.125.188.62:443
    tls
    135 B
    2
  • 185.125.188.62:443
    tls
    135 B
    2
  • 151.101.1.91:443
    tls, https
    233 B
    40 B
    1
    1
  • 151.101.65.91:443
    extensions.gnome.org
    tls
    4.3kB
    221.8kB
    72
    168
  • 89.187.167.5:443
    tls, https
    1.9kB
    8
  • 224.0.0.251:5353
    73 B
    1
  • 1.1.1.1:53
    auto.c3pool.org
    dns
    72 B
    104 B
    1
    1

    DNS Request

    auto.c3pool.org

    DNS Response

    5.75.158.61
    88.198.117.174

  • 1.1.1.1:53
    auto.c3pool.org
    dns
    72 B
    142 B
    1
    1

    DNS Request

    auto.c3pool.org

  • 1.1.1.1:53
    ocp-ingress.fastly.gnome.org
    dns
    85 B
    149 B
    1
    1

    DNS Request

    ocp-ingress.fastly.gnome.org

    DNS Response

    151.101.65.91
    151.101.129.91
    151.101.193.91
    151.101.1.91

MITRE ATT&CK Enterprise v15
