Malware Analysis Report

2024-12-08 02:33

Sample ID 241115-wdwtcaxphy
Target netaddr
SHA256 0730bcc54e11905817761dad591a0a69fee73c14c5f16ea155034383976b24b2
Tags xmrig xmrig_linux antivm discovery miner upx
Score 10/10

Analysis Overview

Score 10/10

SHA256 0730bcc54e11905817761dad591a0a69fee73c14c5f16ea155034383976b24b2

Threat Level: Known bad

The file netaddr was found to be: Known bad.

Malicious Activity Summary

xmrig xmrig_linux antivm discovery miner upx

Xmrig_linux family

xmrig

Xmrig family

xmrig

XMRig Miner payload

Checks hardware identifiers (DMI)

Reads hardware information

UPX packed file

Reads CPU attributes

Checks CPU configuration

Reads runtime system information

Enumerates kernel/hardware configuration

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-15 17:48

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-11-15 17:48

Reported

2024-11-15 17:50

Platform

ubuntu2404-amd64-20240523-en

Max time kernel

24s

Max time network

8s

Command Line

[/tmp/netaddr]

Signatures

Xmrig family

xmrig

Xmrig_linux family

xmrig_linux

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Checks hardware identifiers (DMI)

antivm
Description Indicator Process Target
File opened for reading /sys/devices/virtual/dmi/id/product_name /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/board_vendor /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/bios_vendor /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/sys_vendor /tmp/netaddr N/A

Reads hardware information

discovery
Description Indicator Process Target
File opened for reading /sys/devices/virtual/dmi/id/chassis_serial /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/bios_version /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/board_asset_tag /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/chassis_version /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/chassis_vendor /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/chassis_type /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/bios_date /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/product_serial /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/product_uuid /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/board_version /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/board_serial /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/chassis_asset_tag /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/product_version /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/board_name /tmp/netaddr N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /tmp/netaddr N/A

Reads CPU attributes

discovery
Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/size /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index5/shared_cpu_map /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/topology/core_cpus /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/size /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/id /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index4/shared_cpu_map /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index1/id /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/level /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/topology/die_cpus /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/topology/physical_package_id /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/type /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/physical_line_partition /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index7/shared_cpu_map /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/online /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/topology/core_id /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/physical_line_partition /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/level /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/number_of_sets /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index8/shared_cpu_map /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cpu_capacity /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/shared_cpu_map /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index1/level /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index1/shared_cpu_map /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index1/type /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/size /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/coherency_line_size /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/number_of_sets /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index9/shared_cpu_map /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/type /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/coherency_line_size /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/possible /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index6/shared_cpu_map /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/level /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/physical_line_partition /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/shared_cpu_map /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cpufreq/base_frequency /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/topology/cluster_cpus /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/id /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/shared_cpu_map /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/type /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/id /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/coherency_line_size /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/topology/package_cpus /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/number_of_sets /tmp/netaddr N/A

Enumerates kernel/hardware configuration

discovery
Description Indicator Process Target
File opened for reading /sys/fs/cgroup/cpuset.cpus.effective /tmp/netaddr N/A
File opened for reading /sys/devices/system/node/node0/access0/initiators /tmp/netaddr N/A
File opened for reading /sys/devices/system/node/node0/access0/initiators/read_latency /tmp/netaddr N/A
File opened for reading /sys/firmware/dmi/tables/smbios_entry_point /tmp/netaddr N/A
File opened for reading /sys/devices/system/node/node0/hugepages/hugepages-2048kB/free_hugepages /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu /tmp/netaddr N/A
File opened for reading /sys/firmware/dmi/tables/DMI /tmp/netaddr N/A
File opened for reading /sys/fs/cgroup/cgroup.controllers /tmp/netaddr N/A
File opened for reading /sys/kernel/mm/hugepages /tmp/netaddr N/A
File opened for reading /sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages /tmp/netaddr N/A
File opened for reading /sys/devices/system/node/node0/hugepages/hugepages-1048576kB/nr_hugepages /tmp/netaddr N/A
File opened for reading /sys/devices/system/node/node0/access1/initiators /tmp/netaddr N/A
File opened for reading /sys/devices/system/node/node0/access0/initiators/write_bandwidth /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id /tmp/netaddr N/A
File opened for reading /sys/fs/cgroup/cpuset.mems.effective /tmp/netaddr N/A
File opened for reading /sys/devices/system/node/node0/meminfo /tmp/netaddr N/A
File opened for reading /sys/devices/system/node/node0/hugepages /tmp/netaddr N/A
File opened for reading /sys/bus/soc/devices /tmp/netaddr N/A
File opened for reading /sys/kernel/mm/hugepages/hugepages-1048576kB/nr_hugepages /tmp/netaddr N/A
File opened for reading /sys/devices/system/node/online /tmp/netaddr N/A
File opened for reading /sys/bus/dax/devices /tmp/netaddr N/A
File opened for reading /sys/devices/system/node/node0/access0/initiators/write_latency /tmp/netaddr N/A
File opened for reading /sys/devices/system/node/node0/cpumap /tmp/netaddr N/A
File opened for reading /sys/devices/system/node/node0/access0/initiators/read_bandwidth /tmp/netaddr N/A
File opened for reading /sys/devices/cpu_atom/cpus /tmp/netaddr N/A
File opened for reading /sys/devices/cpu_core/cpus /tmp/netaddr N/A
File opened for reading /sys/devices/system/node/node0/hugepages/hugepages-2048kB/nr_hugepages /tmp/netaddr N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/version_signature /tmp/netaddr N/A
File opened for reading /proc/sys/vm/nr_hugepages /tmp/netaddr N/A
File opened for reading /proc/self/exe /tmp/netaddr N/A
File opened for reading /proc/cmdline /tmp/netaddr N/A
File opened for reading /proc/mounts /tmp/netaddr N/A
File opened for reading /proc/self/cpuset /tmp/netaddr N/A
File opened for reading /proc/meminfo /tmp/netaddr N/A
File opened for reading /proc/driver/nvidia/gpus /tmp/netaddr N/A

Processes

/tmp/netaddr

[/tmp/netaddr]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 N/A udp
US 8.8.8.8:53 auto.c3pool.org udp
US 8.8.8.8:53 auto.c3pool.org udp
DE 88.198.117.174:19999 auto.c3pool.org tcp

Files

memory/2479-1-0x0000000000400000-0x0000000000ca9178-memory.dmp

Analysis: behavioral8

Detonation Overview

Submitted

2024-11-15 17:48

Reported

2024-11-15 17:50

Platform

ubuntu2204-amd64-20240611-en

Max time kernel

28s

Max time network

15s

Command Line

[/tmp/netaddr]

Signatures

Xmrig family

xmrig

Xmrig_linux family

xmrig_linux

xmrig

miner xmrig_linux

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Checks hardware identifiers (DMI)

antivm
Description Indicator Process Target
File opened for reading /sys/devices/virtual/dmi/id/product_name /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/board_vendor /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/bios_vendor /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/sys_vendor /tmp/netaddr N/A

Reads hardware information

discovery
Description Indicator Process Target
File opened for reading /sys/devices/virtual/dmi/id/chassis_serial /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/product_uuid /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/board_name /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/chassis_vendor /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/chassis_type /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/chassis_asset_tag /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/product_version /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/board_version /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/product_serial /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/board_asset_tag /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/chassis_version /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/bios_version /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/bios_date /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/board_serial /tmp/netaddr N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /tmp/netaddr N/A

Reads CPU attributes

discovery
Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/physical_line_partition /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/shared_cpu_map /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index4/shared_cpu_map /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cpufreq/base_frequency /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/possible /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index1/type /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/level /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/size /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/coherency_line_size /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/number_of_sets /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/topology/core_id /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/topology/cluster_cpus /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/id /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/size /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index1/shared_cpu_map /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index5/shared_cpu_map /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index6/shared_cpu_map /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index9/shared_cpu_map /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/coherency_line_size /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/number_of_sets /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index1/id /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/level /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/shared_cpu_map /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/type /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/type /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index1/level /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/id /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/id /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/online /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/topology/die_cpus /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/topology/package_cpus /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/topology/physical_package_id /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/shared_cpu_map /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index8/shared_cpu_map /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index7/shared_cpu_map /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cpu_capacity /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/size /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/coherency_line_size /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/number_of_sets /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/physical_line_partition /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/physical_line_partition /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/topology/core_cpus /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/level /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/type /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq /tmp/netaddr N/A

Enumerates kernel/hardware configuration

discovery
Description Indicator Process Target
File opened for reading /sys/devices/cpu_atom/cpus /tmp/netaddr N/A
File opened for reading /sys/devices/system/node/node0/access0/initiators/read_latency /tmp/netaddr N/A
File opened for reading /sys/devices/system/node/node0/access0/initiators/write_latency /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu /tmp/netaddr N/A
File opened for reading /sys/firmware/dmi/tables/smbios_entry_point /tmp/netaddr N/A
File opened for reading /sys/bus/dax/devices /tmp/netaddr N/A
File opened for reading /sys/devices/system/node/node0/access0/initiators/read_bandwidth /tmp/netaddr N/A
File opened for reading /sys/kernel/mm/hugepages /tmp/netaddr N/A
File opened for reading /sys/firmware/dmi/tables/DMI /tmp/netaddr N/A
File opened for reading /sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages /tmp/netaddr N/A
File opened for reading /sys/kernel/mm/hugepages/hugepages-1048576kB/nr_hugepages /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id /tmp/netaddr N/A
File opened for reading /sys/fs/cgroup/cpuset.cpus.effective /tmp/netaddr N/A
File opened for reading /sys/devices/system/node/node0/cpumap /tmp/netaddr N/A
File opened for reading /sys/devices/system/node/node0/hugepages /tmp/netaddr N/A
File opened for reading /sys/devices/system/node/node0/access0/initiators /tmp/netaddr N/A
File opened for reading /sys/bus/soc/devices /tmp/netaddr N/A
File opened for reading /sys/devices/cpu_core/cpus /tmp/netaddr N/A
File opened for reading /sys/devices/system/node/online /tmp/netaddr N/A
File opened for reading /sys/devices/system/node/node0/meminfo /tmp/netaddr N/A
File opened for reading /sys/fs/cgroup/cpuset.mems.effective /tmp/netaddr N/A
File opened for reading /sys/devices/system/node/node0/hugepages/hugepages-2048kB/nr_hugepages /tmp/netaddr N/A
File opened for reading /sys/devices/system/node/node0/hugepages/hugepages-1048576kB/nr_hugepages /tmp/netaddr N/A
File opened for reading /sys/devices/system/node/node0/access1/initiators /tmp/netaddr N/A
File opened for reading /sys/devices/system/node/node0/access0/initiators/write_bandwidth /tmp/netaddr N/A
File opened for reading /sys/devices/system/node/node0/hugepages/hugepages-2048kB/free_hugepages /tmp/netaddr N/A
File opened for reading /sys/fs/cgroup/cgroup.controllers /tmp/netaddr N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/mounts /tmp/netaddr N/A
File opened for reading /proc/self/cpuset /tmp/netaddr N/A
File opened for reading /proc/meminfo /tmp/netaddr N/A
File opened for reading /proc/driver/nvidia/gpus /tmp/netaddr N/A
File opened for reading /proc/version_signature /tmp/netaddr N/A
File opened for reading /proc/sys/vm/nr_hugepages /tmp/netaddr N/A
File opened for reading /proc/self/exe /tmp/netaddr N/A
File opened for reading /proc/cmdline /tmp/netaddr N/A

Processes

/tmp/netaddr

[/tmp/netaddr]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 N/A udp
US 8.8.8.8:53 auto.c3pool.org udp
US 8.8.8.8:53 auto.c3pool.org udp
DE 88.198.117.174:19999 auto.c3pool.org tcp

Files

memory/1587-1-0x0000000000400000-0x0000000000ca9178-memory.dmp

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-15 17:48

Reported

2024-11-15 17:49

Platform

debian9-armhf-20240729-en

Max time kernel

0s

Command Line

[/tmp/netaddr]

Signatures

N/A

Processes

/tmp/netaddr

[/tmp/netaddr]

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-11-15 17:48

Reported

2024-11-15 17:49

Platform

debian9-mipsbe-20240611-en

Max time kernel

0s

Command Line

[/tmp/netaddr]

Signatures

N/A

Processes

/tmp/netaddr

[/tmp/netaddr]

Network

N/A

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-11-15 17:48

Reported

2024-11-15 17:49

Platform

debian9-mipsel-20240418-en

Max time kernel

0s

Command Line

[/tmp/netaddr]

Signatures

N/A

Processes

/tmp/netaddr

[/tmp/netaddr]

Network

N/A

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-11-15 17:48

Reported

2024-11-15 17:50

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

5s

Max time network

5s

Command Line

[/tmp/netaddr]

Signatures

Xmrig family

xmrig

Xmrig_linux family

xmrig_linux

xmrig

miner xmrig_linux

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Checks hardware identifiers (DMI)

antivm
Description Indicator Process Target
File opened for reading /sys/devices/virtual/dmi/id/board_vendor /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/bios_vendor /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/sys_vendor /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/product_name /tmp/netaddr N/A

Reads hardware information

discovery
Description Indicator Process Target
File opened for reading /sys/devices/virtual/dmi/id/product_version /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/chassis_version /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/bios_date /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/product_uuid /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/board_name /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/board_serial /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/chassis_vendor /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/product_serial /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/board_version /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/chassis_serial /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/bios_version /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/board_asset_tag /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/chassis_type /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/chassis_asset_tag /tmp/netaddr N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /tmp/netaddr N/A

Reads CPU attributes

discovery
Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/level /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/physical_line_partition /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/topology/die_cpus /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/shared_cpu_map /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/topology/core_siblings /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index1/level /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/type /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/number_of_sets /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index4/shared_cpu_map /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index7/shared_cpu_map /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/topology/thread_siblings /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/topology/core_id /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index8/shared_cpu_map /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/number_of_sets /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/level /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/coherency_line_size /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cpufreq/base_frequency /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/type /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/number_of_sets /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index5/shared_cpu_map /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/size /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/size /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/shared_cpu_map /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/size /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/possible /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index1/id /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/level /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/id /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index6/shared_cpu_map /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/topology/physical_package_id /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/id /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index1/shared_cpu_map /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index1/type /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/type /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index9/shared_cpu_map /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/online /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/coherency_line_size /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/shared_cpu_map /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/coherency_line_size /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/id /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/physical_line_partition /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cpu_capacity /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/topology/cluster_cpus /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/physical_line_partition /tmp/netaddr N/A

Enumerates kernel/hardware configuration

discovery
Description Indicator Process Target
File opened for reading /sys/devices/system/node/node0/hugepages/hugepages-2048kB/nr_hugepages /tmp/netaddr N/A
File opened for reading /sys/devices/system/node/node0/access0/initiators/write_bandwidth /tmp/netaddr N/A
File opened for reading /sys/devices/system/node/node0/access0/initiators/read_latency /tmp/netaddr N/A
File opened for reading /sys/bus/soc/devices /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu /tmp/netaddr N/A
File opened for reading /sys/devices/system/node/node0/hugepages /tmp/netaddr N/A
File opened for reading /sys/devices/system/node/node0/access0/initiators /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id /tmp/netaddr N/A
File opened for reading /sys/devices/cpu_atom/cpus /tmp/netaddr N/A
File opened for reading /sys/devices/cpu_core/cpus /tmp/netaddr N/A
File opened for reading /sys/devices/system/node/node0/meminfo /tmp/netaddr N/A
File opened for reading /sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages /tmp/netaddr N/A
File opened for reading /sys/devices/system/node/online /tmp/netaddr N/A
File opened for reading /sys/devices/system/node/node0/cpumap /tmp/netaddr N/A
File opened for reading /sys/bus/dax/devices /tmp/netaddr N/A
File opened for reading /sys/fs/cgroup/unified/cgroup.controllers /tmp/netaddr N/A
File opened for reading /sys/fs/cgroup/cpuset/cpuset.cpus /tmp/netaddr N/A
File opened for reading /sys/fs/cgroup/cpuset/cpuset.mems /tmp/netaddr N/A
File opened for reading /sys/devices/system/node/node0/access0/initiators/write_latency /tmp/netaddr N/A
File opened for reading /sys/firmware/dmi/tables/smbios_entry_point /tmp/netaddr N/A
File opened for reading /sys/firmware/dmi/tables/DMI /tmp/netaddr N/A
File opened for reading /sys/kernel/mm/hugepages /tmp/netaddr N/A
File opened for reading /sys/devices/system/node/node0/access1/initiators /tmp/netaddr N/A
File opened for reading /sys/devices/system/node/node0/access0/initiators/read_bandwidth /tmp/netaddr N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/self/exe /tmp/netaddr N/A
File opened for reading /proc/cmdline /tmp/netaddr N/A
File opened for reading /proc/mounts /tmp/netaddr N/A
File opened for reading /proc/self/cpuset /tmp/netaddr N/A
File opened for reading /proc/meminfo /tmp/netaddr N/A
File opened for reading /proc/driver/nvidia/gpus /tmp/netaddr N/A
File opened for reading /proc/version_signature /tmp/netaddr N/A
File opened for reading /proc/sys/vm/nr_hugepages /tmp/netaddr N/A

Processes

/tmp/netaddr

[/tmp/netaddr]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 N/A udp
US 1.1.1.1:53 auto.c3pool.org udp
US 1.1.1.1:53 auto.c3pool.org udp
GB 185.125.188.62:443 N/A tcp
GB 185.125.188.62:443 N/A tcp
US 151.101.1.91:443 N/A tcp
US 1.1.1.1:53 ocp-ingress.fastly.gnome.org udp
US 151.101.65.91:443 ocp-ingress.fastly.gnome.org tcp
GB 89.187.167.5:443 N/A tcp

Files

memory/1504-1-0x0000000000400000-0x0000000000ca9178-memory.dmp

Analysis: behavioral7

Detonation Overview

Submitted

2024-11-15 17:48

Reported

2024-11-15 17:50

Platform

ubuntu2004-amd64-20240729-en

Max time kernel

19s

Max time network

8s

Command Line

[/tmp/netaddr]

Signatures

Xmrig family

xmrig

Xmrig_linux family

xmrig_linux

xmrig

miner xmrig_linux

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Checks hardware identifiers (DMI)

antivm
Description Indicator Process Target
File opened for reading /sys/devices/virtual/dmi/id/product_name /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/board_vendor /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/bios_vendor /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/sys_vendor /tmp/netaddr N/A

Reads hardware information

discovery
Description Indicator Process Target
File opened for reading /sys/devices/virtual/dmi/id/board_asset_tag /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/chassis_version /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/bios_version /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/product_version /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/chassis_serial /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/chassis_asset_tag /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/bios_date /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/chassis_vendor /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/board_version /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/product_uuid /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/board_name /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/board_serial /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/chassis_type /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id/product_serial /tmp/netaddr N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /tmp/netaddr N/A

Reads CPU attributes

discovery
Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/level /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/number_of_sets /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index1/shared_cpu_map /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/type /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/topology/cluster_cpus /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/coherency_line_size /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/id /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/size /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/physical_line_partition /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/shared_cpu_map /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index6/shared_cpu_map /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/topology/core_cpus /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/topology/package_cpus /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/level /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cpufreq/base_frequency /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/possible /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/online /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/topology/core_id /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/number_of_sets /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/size /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/coherency_line_size /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cpu_capacity /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index4/shared_cpu_map /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/topology/physical_package_id /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/size /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index1/level /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index1/type /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/coherency_line_size /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/level /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/physical_line_partition /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index5/shared_cpu_map /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index7/shared_cpu_map /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index8/shared_cpu_map /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index9/shared_cpu_map /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/shared_cpu_map /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/type /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/id /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/number_of_sets /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/id /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/topology/die_cpus /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/physical_line_partition /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index1/id /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/shared_cpu_map /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/type /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq /tmp/netaddr N/A

Enumerates kernel/hardware configuration

discovery
Description Indicator Process Target
File opened for reading /sys/fs/cgroup/unified/cgroup.controllers /tmp/netaddr N/A
File opened for reading /sys/fs/cgroup/cpuset/cpuset.cpus /tmp/netaddr N/A
File opened for reading /sys/devices/system/node/node0/hugepages /tmp/netaddr N/A
File opened for reading /sys/devices/system/node/node0/access0/initiators/read_bandwidth /tmp/netaddr N/A
File opened for reading /sys/devices/system/node/node0/access0/initiators/write_bandwidth /tmp/netaddr N/A
File opened for reading /sys/devices/system/node/node0/access0/initiators/read_latency /tmp/netaddr N/A
File opened for reading /sys/devices/virtual/dmi/id /tmp/netaddr N/A
File opened for reading /sys/devices/system/node/node0/hugepages/hugepages-2048kB/free_hugepages /tmp/netaddr N/A
File opened for reading /sys/devices/system/cpu /tmp/netaddr N/A
File opened for reading /sys/kernel/mm/hugepages /tmp/netaddr N/A
File opened for reading /sys/devices/system/node/node0/access0/initiators /tmp/netaddr N/A
File opened for reading /sys/bus/soc/devices /tmp/netaddr N/A
File opened for reading /sys/devices/cpu_atom/cpus /tmp/netaddr N/A
File opened for reading /sys/devices/cpu_core/cpus /tmp/netaddr N/A
File opened for reading /sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages /tmp/netaddr N/A
File opened for reading /sys/devices/system/node/online /tmp/netaddr N/A
File opened for reading /sys/devices/system/node/node0/meminfo /tmp/netaddr N/A
File opened for reading /sys/fs/cgroup/cpuset/cpuset.mems /tmp/netaddr N/A
File opened for reading /sys/devices/system/node/node0/cpumap /tmp/netaddr N/A
File opened for reading /sys/devices/system/node/node0/hugepages/hugepages-2048kB/nr_hugepages /tmp/netaddr N/A
File opened for reading /sys/bus/dax/devices /tmp/netaddr N/A
File opened for reading /sys/devices/system/node/node0/access1/initiators /tmp/netaddr N/A
File opened for reading /sys/devices/system/node/node0/access0/initiators/write_latency /tmp/netaddr N/A
File opened for reading /sys/firmware/dmi/tables/smbios_entry_point /tmp/netaddr N/A
File opened for reading /sys/firmware/dmi/tables/DMI /tmp/netaddr N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/cmdline /tmp/netaddr N/A
File opened for reading /proc/mounts /tmp/netaddr N/A
File opened for reading /proc/self/cpuset /tmp/netaddr N/A
File opened for reading /proc/meminfo /tmp/netaddr N/A
File opened for reading /proc/driver/nvidia/gpus /tmp/netaddr N/A
File opened for reading /proc/version_signature /tmp/netaddr N/A
File opened for reading /proc/sys/vm/nr_hugepages /tmp/netaddr N/A
File opened for reading /proc/self/exe /tmp/netaddr N/A

Processes

/tmp/netaddr

[/tmp/netaddr]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 auto.c3pool.org udp
US 1.1.1.1:53 auto.c3pool.org udp
DE 5.75.158.61:19999 auto.c3pool.org tcp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp

Files

memory/1400-1-0x0000000000400000-0x0000000000ca9178-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-15 17:48

Reported

2024-11-15 17:49

Platform

debian12-armhf-20240729-en

Max time kernel

0s

Max time network

4s

Command Line

[/tmp/netaddr]

Signatures

N/A

Processes

/tmp/netaddr

[/tmp/netaddr]

Network

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-15 17:48

Reported

2024-11-15 17:50

Platform

debian12-mipsel-20240221-en

Max time kernel

3s

Command Line

[/tmp/netaddr]

Signatures

N/A

Processes

/tmp/netaddr

[/tmp/netaddr]

Network

N/A

Files

N/A