General
Target: x86_64
Size: 1.6MB
Sample: 241125-t3g1dawjh1
MD5: f6634e2fb7872be767a2cb5b1da04103
SHA1: 532037729f2da9fc1341f744e5afa2420bcfebca
SHA256: 29f8524562c2436f42019e0fc473bd88584234c57979c7375c1ace3648784e4b
SHA512: e1b34b5235ecfe8f74698d10ecf70758adcb5ef2832b3be272fe737770f47daf4974fe6c957ccf24282a1a0af4a4cca393727517ea5ade97504a55b3b6a6ff51
SSDEEP: 49152:+0C0VNKlaCi+DnTy1aywFeW0/+EPEhB66ERCWP:e8NKlb5nTy1ZueW0Wuq66xWP
Behavioral task
Task: behavioral1
Sample: x86_64
Resource: ubuntu2204-amd64-20240611-en
Malware Config
Targets
-
Xmrig family
-
Contacts a large (719952) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
XMRig Miner payload
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Checks hardware identifiers (DMI)
Checks DMI information, which indicates whether the system is a virtual machine.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Enumerates running processes
Discovers information about currently running processes on the system.
-
Reads hardware information
Accesses system info like serial numbers, manufacturer names etc.
-