xmrig | ca0bd413a34399accc6f62506ac94f9c7e1fd5c4efa49d1627eed568b1de78bf | Triage

Submit
Reports

Overview

overview

Static

static

1

yak.sh

ubuntu-18.04-amd64

7

yak.sh

debian-9-armhf

7

yak.sh

debian-9-mips

yak.sh

debian-9-mipsel

Sharing

General

Target

yak.sh
Size

2KB
Sample

241123-3zkrjatkat
MD5

f50f60f970a5203dad27c480da7b4519
SHA1

f50f26900efe72f11c37767b5db9a3916a7c76b4
SHA256

ca0bd413a34399accc6f62506ac94f9c7e1fd5c4efa49d1627eed568b1de78bf
SHA512

40c118ed8e7b22ba4c439cc3de9a9d69d7cccd9b4d109b00a716ea564379e001304edaffb0f9ca143e87cb0138f566aebea2e998b76c9bb4b653cf7a191e4ddd

Score

10^/10

xmrig xmrig_linux defense_evasion discovery linux miner

Static task

static1

Behavioral task

behavioral1

Sample

yak.sh

Resource

ubuntu1804-amd64-20240611-en

defense_evasion discovery

ubuntu-18.04-amd64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

yak.sh

Resource

debian9-armhf-20240611-en

defense_evasion discovery

debian-9-armhf

2 signatures

150 seconds

Behavioral task

behavioral3

Sample

yak.sh

Resource

debian9-mipsbe-20240611-en

xmrig xmrig_linux defense_evasion discovery miner

debian-9-mips

11 signatures

150 seconds

Behavioral task

behavioral4

Sample

yak.sh

Resource

debian9-mipsel-20240729-en

xmrig xmrig_linux defense_evasion discovery miner

debian-9-mipsel

13 signatures

150 seconds

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
linux-it.abuser.eu
Port:
21
Username:
anonymous
Password:
[email protected]

Targets

- Target
  
  yak.sh
- Size
  
  2KB
- MD5
  
  f50f60f970a5203dad27c480da7b4519
- SHA1
  
  f50f26900efe72f11c37767b5db9a3916a7c76b4
- SHA256
  
  ca0bd413a34399accc6f62506ac94f9c7e1fd5c4efa49d1627eed568b1de78bf
- SHA512
  
  40c118ed8e7b22ba4c439cc3de9a9d69d7cccd9b4d109b00a716ea564379e001304edaffb0f9ca143e87cb0138f566aebea2e998b76c9bb4b653cf7a191e4ddd
Score

10^/10

defense_evasion discovery xmrig xmrig_linux miner
- XMRig Miner payload
  miner
- Xmrig family
  xmrig
- Xmrig_linux family
  xmrig_linux
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig_linux
- Contacts a large (4428) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Credential Access

Discovery

Network Service Discovery

System Information Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery

behavioral2

defense_evasiondiscovery

behavioral3

xmrigxmrig_linuxdefense_evasiondiscoveryminer

behavioral4

xmrigxmrig_linuxdefense_evasiondiscoveryminer

© 2018-2024

Terms | Privacy